I think it's defined as "when the browser is closed", not "when the browser is no longer in your domain" -- but you'd have to ask an expert or read the specs to be sure.
Justin on 22/03/03 2:27 AM, Beauford.2002 ([EMAIL PROTECTED]) wrote: > What about cookies - someone said if you put no time limit on a cookie it > dies when you leave the site - I'm not sure about this, but any help is > appreciated. > > > ----- Original Message ----- > From: "Justin French" <[EMAIL PROTECTED]> > To: "Beauford.2002" <[EMAIL PROTECTED]>; "PHP General" > <[EMAIL PROTECTED]> > Sent: Friday, March 21, 2003 2:46 AM > Subject: Re: [PHP] Sessions question > > >> on 21/03/03 4:57 PM, Beauford.2002 ([EMAIL PROTECTED]) wrote: >> >>> I have read some posts to this list on sessions and have read as much as > I >>> can find on them, but one problem still exists which I can't figure out. > How >>> do I kill the session when the user leaves my site. So if a user is on >>> www.mine.com and logs in successfully, then goes to www.hers.com - the > user >>> should have to log in again once coming back to www.mine.com, but at > present >>> the user is still logged in - and all variables are still set. >> >> How can PHP possibly tell when the user closes a window, or manually > enters >> a new URL into the browser? >> >> It can't because PHP is only server side. >> >> Set the appropriate session max lifetime and garbage clean out > probability, >> and sessions should die within a reasonable time of not being used (see >> php.ini for more info). >> >> Or, present the user with a logout link, to be sure the session is killed >> instantly. >> >> You can also do some *extra* insurance by creating a javascript pop-up >> triggered on a window close event which forces a log out, but this will > only >> help in some cases, and more to the point, client-side scripting cannot be >> relied upon. >> >> If you want to kill sessions as people click on external links within your >> site, you can do so by creating a middle-man script between your page and >> the external site: >> >> Instead of >> <a href='http://newsite.com'>click</a> you would do this: >> >> <a href='out.php?url=<?=urlencode('http://newsite.com')?>'>click</a> >> >> out.php would be responsible for killing the session before doing a > header() >> redirect to the target url. >> >> >> But, end of the day, all these are work-arounds. Offer a logout link on >> every page of your site. If the user chooses not to logout, then they are >> consciously making this decision -- they may want to come back shortly, or >> they may not care about the security implications -- either way, it's > their >> call. >> >> >> Justin >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > > --- > [This E-mail scanned for viruses] > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
