How to destroy session with browser closing in codeigniter

Question

Recently I have developed a web application with codeigniter. I am facing a session related problem there badly.

Problem scenario:

If user A logged into the application then the user id set in session. After doing task user A closed his browser and leave the computer. A little while later user B came and open browser and see the application was in logged in state. or when user B write down the url and press enter it directly redirected into the application without any authentication by using the previous session.

I used the following configuration for session:

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 1800;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

Now my question is how can i destroy all the session with closing browser or browser tab in codeigniter?

Answer 1

Edit the config.php file and set sess_expire_on_close to true.

e.g

$config['sess_expire_on_close'] = TRUE;

Answer 2

You can use javascript and asynchron request. When you close the window, the handler of window.onunload is called

var unloadHandler = function(e){
        //here ajax request to close session
  };
window.unload = unloadHandler;

To solve the problem of redirection, php side you can use a counter

  class someController  extends Controller {

   public function methodWithRedirection(){

        $this->session->set_userdata('isRedirection', 1);
        //here you can redirect  
   }
}
class homeController extends Controller{
   public function closeConnection(){
        $this->load->library('session');
        if($this->session->userdata('isRedirection')!== 1){
            //destroy session
         }
      }
   }  

Answer 3

Add a logout button.

Have that button destroy the session with CI's built in destroy function.

$this->session->sess_destroy();

Answer 4

Have a look at this, and see if this helps.

https://github.com/EllisLab/CodeIgniter/wiki/PK-Session

Answer 5

Well, I don't know if you already had the solution, but I found myself in the same scenario in CodeIgniter version 3.0. In config.php, go to Session Variables section and you can set:

$config['sess_expiration'] = 0;

sess_expiration: The number of seconds you would like the session to last. If you would like a non-expiring session (until browser is closed) set the value to zero: 0

Answer 6

in $config.php file

change  $config['sess_expiration'] = 7200;

to

$config['sess_expiration'] = 0;

Answer 7

Simply set sess_expiration =0 in application/config/config.php file as stated in Codeigniter documentation