It's a "session" cookie, the browser clears it when it's closed. IIRC you set the time to 0 to turn the cookie into a session one. Not sure how it'll work with sessions though.
> -----Original Message----- > From: Justin French [mailto:[EMAIL PROTECTED] > Sent: Friday, March 21, 2003 9:59 AM > To: Beauford.2002; PHP General > Subject: Re: [PHP] Sessions question > > > I think it's defined as "when the browser is closed", not > "when the browser is no longer in your domain" -- but you'd > have to ask an expert or read the specs to be sure. > > Justin > > > on 22/03/03 2:27 AM, Beauford.2002 ([EMAIL PROTECTED]) wrote: > > > What about cookies - someone said if you put no time limit > on a cookie > > it dies when you leave the site - I'm not sure about this, but any > > help is appreciated. > > > > > > ----- Original Message ----- > > From: "Justin French" <[EMAIL PROTECTED]> > > To: "Beauford.2002" <[EMAIL PROTECTED]>; "PHP General" > > <[EMAIL PROTECTED]> > > Sent: Friday, March 21, 2003 2:46 AM > > Subject: Re: [PHP] Sessions question > > > > > >> on 21/03/03 4:57 PM, Beauford.2002 > ([EMAIL PROTECTED]) wrote: > >> > >>> I have read some posts to this list on sessions and have read as > >>> much as > > I > >>> can find on them, but one problem still exists which I > can't figure > >>> out. > > How > >>> do I kill the session when the user leaves my site. So if > a user is > >>> on www.mine.com and logs in successfully, then goes to > www.hers.com > >>> - the > > user > >>> should have to log in again once coming back to > www.mine.com, but at > > present > >>> the user is still logged in - and all variables are still set. > >> > >> How can PHP possibly tell when the user closes a window, > or manually > > enters > >> a new URL into the browser? > >> > >> It can't because PHP is only server side. > >> > >> Set the appropriate session max lifetime and garbage clean out > > probability, > >> and sessions should die within a reasonable time of not being used > >> (see php.ini for more info). > >> > >> Or, present the user with a logout link, to be sure the session is > >> killed instantly. > >> > >> You can also do some *extra* insurance by creating a javascript > >> pop-up triggered on a window close event which forces a > log out, but > >> this will > > only > >> help in some cases, and more to the point, client-side scripting > >> cannot be relied upon. > >> > >> If you want to kill sessions as people click on external > links within > >> your site, you can do so by creating a middle-man script > between your > >> page and the external site: > >> > >> Instead of > >> <a href='http://newsite.com'>click</a> you would do this: > >> > >> <a > href='out.php?url=<?=urlencode('http://newsite.com')?>'>click</a> > >> > >> out.php would be responsible for killing the session before doing a > > header() > >> redirect to the target url. > >> > >> > >> But, end of the day, all these are work-arounds. Offer a > logout link > >> on every page of your site. If the user chooses not to > logout, then > >> they are consciously making this decision -- they may want to come > >> back shortly, or they may not care about the security > implications -- > >> either way, it's > > their > >> call. > >> > >> > >> Justin > >> > >> > >> -- > >> PHP General Mailing List (http://www.php.net/) > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > > > > > --- > > [This E-mail scanned for viruses] > > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
