PHP cannot possibly know when a user closes a window... PHP regularly "cleans out the garbage" of old abandoned sessions, but you cannot expect this instantly...

the only way to kill a session is to kill it on the server with session_destroy(), which will require the user to access a "logout" script, or some JavaScript trickery...

If you access that URL tomorrow, I doubt the session will STILL be valid...

You should do some reading up in the manual & php.ini, making sure what session destroy means, what session.auto_start means, etc.

Justin

on 22/11/02 6:02 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote:

> Justin French wrote:
>>
>> I know that for IE Mac users (not sure about NN7) it's not until you QUIT
>> the application that the session is "terminated"...
>>
>> I *think* you'll find something similar in Windows... perhaps when ALL open
>> browser windows are closed and/or the browser app is QUIT, the session will
>> end?
>
> I exited all apps and restarted the browser. Didn't help. I also
> copy-pasted the URL
> (http://192.168.254.14/my_account.html?step=order_list&PHPSESSID=b6f60469a3a67b677cf9c13e34b17072)
> from my Netscape 7 browser into an IE browser and the session was
> still valid ...
>
> Is it because I am putting the SID in the URL? I haven't tested with
> cookies yet as I want to get my site working without cookies first.
>
>> Adding a logout feature will help people who are worried about security,
>> because it can kill the cookies on the browser.
>
> I agree! The problem I have now is that a user can bookmark a page with
> the SID in the URL and then come back later and the session is still
> active ... the session should close when the browser is closed.
>
> I have set session.auto_start = 1 so I would think that after closing
> the browser and going to the bookmarked page a new session would be
> started, killing the SID passed in from the URL no?
>
> Thanks!
>
> Jc
>

Justin French
--------------------
http://Indent.com.au
Web Development & Graphic Design
--------------------
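
Added example, not part of the original messages: one way to end sessions on the server, as the reply describes, with an idle limit and a logout handler, while refusing session IDs carried in URLs so a bookmarked link cannot resume an old session. It assumes PHP 7.1 or later, cookie-based sessions (unlike the cookieless setup in the question) and session.auto_start = 0; IDLE_LIMIT, 'last_seen', the 'logout' field and /login.php are hypothetical names.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT, 'last_seen', the
// 'logout' field and /login.php are assumptions made for illustration.
const IDLE_LIMIT = 1800; // seconds of inactivity allowed

// Must be set before the session starts. With session.auto_start = 1 the
// session already exists when the script runs, so put these in php.ini.
ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID sent in the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the SID
ini_set('session.cookie_lifetime', '0');  // browser drops the cookie on quit

session_start();

// Destroy the session on the server and expire the browser's cookie.
function end_session(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Garbage collection is probabilistic, so enforce the idle limit on each
// request instead of waiting for old session files to be cleaned up.
$expired = isset($_SESSION['last_seen'])
    && (time() - $_SESSION['last_seen']) > IDLE_LIMIT;

// Explicit logout: a POST so that a bookmarked or prefetched link cannot trigger it.
$logout = ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['logout']);

if ($expired || $logout) {
    end_session();
    header('Location: /login.php'); // hypothetical login page
    exit;
}

// Still active: record this request as the latest activity.
$_SESSION['last_seen'] = time();
```

Include this at the top of every protected page; the idle check and logout handler work the same way if the session ID is carried in the URL, but the ID then remains exposed in bookmarks, history and Referer headers until the session ends.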