Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to destroy session with browser closing in codeigniter

Recently I have developed a web application with codeigniter. I am facing a session related problem there badly.

Problem scenario:

If user A logged into the application then the user id set in session. After doing task user A closed his browser and leave the computer. A little while later user B came and open browser and see the application was in logged in state. or when user B write down the url and press enter it directly redirected into the application without any authentication by using the previous session.

I used the following configuration for session:

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 1800;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

Now my question is how can i destroy all the session with closing browser or browser tab in codeigniter?

like image 299
Ariful Islam Avatar asked Nov 01 '12 09:11

Ariful Islam


7 Answers

Edit the config.php file and set sess_expire_on_close to true.

e.g

$config['sess_expire_on_close'] = TRUE;
like image 194
mohsin139 Avatar answered Oct 16 '22 09:10

mohsin139


You can use javascript and asynchron request. When you close the window, the handler of window.onunload is called

var unloadHandler = function(e){
        //here ajax request to close session
  };
window.unload = unloadHandler;

To solve the problem of redirection, php side you can use a counter

  class someController  extends Controller {

   public function methodWithRedirection(){

        $this->session->set_userdata('isRedirection', 1);
        //here you can redirect  
   }
}
class homeController extends Controller{
   public function closeConnection(){
        $this->load->library('session');
        if($this->session->userdata('isRedirection')!== 1){
            //destroy session
         }
      }
   }  
like image 31
artragis Avatar answered Oct 16 '22 08:10

artragis


Add a logout button.

Have that button destroy the session with CI's built in destroy function.

$this->session->sess_destroy();
like image 43
colonelclick Avatar answered Oct 16 '22 09:10

colonelclick


Have a look at this, and see if this helps.

https://github.com/EllisLab/CodeIgniter/wiki/PK-Session

like image 22
viperfx Avatar answered Oct 16 '22 08:10

viperfx


Well, I don't know if you already had the solution, but I found myself in the same scenario in CodeIgniter version 3.0. In config.php, go to Session Variables section and you can set:

$config['sess_expiration'] = 0;

sess_expiration: The number of seconds you would like the session to last. If you would like a non-expiring session (until browser is closed) set the value to zero: 0

like image 31
José Miguel Avatar answered Oct 16 '22 08:10

José Miguel


in $config.php file

change  $config['sess_expiration'] = 7200;

to

$config['sess_expiration'] = 0;
like image 39
Sandeep Sherpur Avatar answered Oct 16 '22 08:10

Sandeep Sherpur


Simply set sess_expiration =0 in application/config/config.php file as stated in Codeigniter documentation

like image 21
Vipin Choubey Avatar answered Oct 16 '22 08:10

Vipin Choubey