FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Expire session on browser close or back button
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Expire session on browser close or back button [message #172869 is a reply to message #172868] Mon, 07 March 2011 10:11 Go to previous messageGo to previous message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma:
Senior Member
On 3/7/2011 10:45 AM, mohan wrote:
> I am developing one website in which I have the following requirements
> which are pretty much similar to banking website behavior:
> - Expire session when browser is closed

If you do not set the 'expires' for a cookie, it will default to what is
named "session cookie". A session cookie will expire when the browser is
closed.


> - Expire session when user clicks on back button of browser

Not directly.
What you can do is sessionid-rotation and/or session in cookie only.

To use session in cookie only, set this in your php.ini.
Look for: session.use_only_cookies

You might also want to read the following paper on session-fixation (and
its solution: sessionid-rotation).
It contains some good background information and in-depth analysis of
your situation.
http://www.acros.si/papers/session_fixation.pdf

The bottomline with the BACK button is that behavior differs from
browser to browser, and you should solve your problem serverside, not
clientside. SO go for sessionid-rotation.


> - Do not show the page if user directly copy pastes the URL to
> navigate to a page

That is solved if the URL is NEVER used to find a sessionid.
Demand a cookie, see above.


>
> Can someone please provide me suggestion on how to implement this. I
> am using Centos, nginx and php combination.

That should be OK.

Good luck.
Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Stats comp.lang.php (last 7 days)
Next Topic: hai
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Dec 01 06:06:13 GMT 2024

Total time taken to generate the page: 0.04081 seconds