Home » Imported messages » comp.lang.php » Expire session on browser close or back button
Re: Expire session on browser close or back button [message #172869 is a reply to message #172868] Mon, 07 March 2011 10:11
Erwin Moller
On 3/7/2011 10:45 AM, mohan wrote:
> I am developing one website in which I have the following requirements
> which are pretty much similar to banking website behavior:
> - Expire session when browser is closed

If you do not set the 'expires' for a cookie, it will default to what is
named a "session cookie". A session cookie will expire when the browser is
closed.


> - Expire session when user clicks on back button of browser

Not directly.
What you can do is sessionid-rotation and/or session in cookie only.

To use session in cookie only, set this in your php.ini.
Look for: session.use_only_cookies

You might also want to read the following paper on session-fixation (and
its solution: sessionid-rotation).
It contains some good background information and in-depth analysis of
your situation.
http://www.acros.si/papers/session_fixation.pdf

The bottom line with the BACK button is that behavior differs from
browser to browser, and you should solve your problem server-side, not
client-side. So go for sessionid-rotation.


> - Do not show the page if user directly copy pastes the URL to
> navigate to a page

That is solved if the URL is NEVER used to find a sessionid.
Demand a cookie, see above.


>
> Can someone please provide me suggestion on how to implement this. I
> am using Centos, nginx and php combination.

That should be OK.

Good luck.
Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
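
The settings named in the reply above (a cookie with no expiry, session IDs accepted from cookies only, session-ID rotation), as an added PHP example that is not part of the original post. It assumes PHP 7.3+ and an HTTPS site; `ROTATE_AFTER`, `rotate_if_due`, `on_login` and the `rotated_at` key are hypothetical names.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.3+ and HTTPS.
// ROTATE_AFTER, rotate_if_due, on_login and 'rotated_at' are hypothetical names.
const ROTATE_AFTER = 300; // seconds between routine rotations (assumed value)

// Accept the session ID from a cookie only, never from the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Refuse session IDs that the server did not issue itself.
ini_set('session.use_strict_mode', '1');

// lifetime 0 sends no Expires/Max-Age, which makes this a "session cookie":
// the browser discards it when it is closed.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,     // assumes the site is served over HTTPS
    'httponly' => true,     // not readable from page scripts
    'samesite' => 'Strict', // not sent on cross-site requests
]);
session_start();

// Rotate the ID on a timer so that a leaked or fixated ID goes stale quickly.
function rotate_if_due(int $now): bool
{
    if (!isset($_SESSION['rotated_at'])) {
        $_SESSION['rotated_at'] = $now;
        return false;
    }
    if ($now - $_SESSION['rotated_at'] < ROTATE_AFTER) {
        return false;
    }
    session_regenerate_id(true); // true = delete the old session data
    $_SESSION['rotated_at'] = $now;
    return true;
}

// Always rotate when the privilege level changes (login); this is the
// counter-measure to session fixation.
function on_login(string $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user'] = $userId;
    $_SESSION['rotated_at'] = time();
}

rotate_if_due(time());
```

Deleting the old session immediately can break concurrent requests that still carry the old ID; the PHP manual page for `session_regenerate_id` describes a grace-period variant for that case.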