on 22/11/02 4:57 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote: > I've made a site in PHP and on some pages a user needs to log in first > before gaining access to the page. (i.e. there is a log in page). > > Once the user has logged in I keep that fact in a session variable so > that he doesn't need to log in again. > > However I have found out that if: > > 1- the user logs in > 2- bookmarks the page > 3- closes the browser > 4- opens the browser > 5- goes to the saved bookmark page > > He has access to the page. I.e. the session did not close/terminate when > he closed his browser ...
I know that for IE Mac users (not sure about NN7) it's not until you QUIT the application that the session is "terminated"... this is because one application (IE or NN) may have multiple browser windows attached to it. I *think* you'll find something similar in Windows... perhaps when ALL open browser windows are closed and/or the browser app is QUIT, the session will end? Adding a logout feature will help people who are worried about security, because it can kill the cookies on the browser. Justin > In Netscape 7 I have checked the stored cookie and it is set to expire > at the end of the session (which is the default I think), so I don't > understand why the PHP thinks the session is still opened ... Justin French -------------------- http://Indent.com.au Web Developent & Graphic Design -------------------- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
