Hi there, I recently discovered a hole in my and a lot other apps on the net. There must be a workaround, becaus I also found apps which work fine.
The sittuation is as follows: After signing in, I am setting a cookie with a unique session id. Cookie parameter is set to 0. The session expires as soon as the client closes the browser. Thats what I thought. Real live looks like this: Closing all browser windows makes the session expired, as it should. But!! Closing the window with the application inside does not expire the session if there is another child of this browser open. For example e-mail services. I found a service where it possible to close your browser window with the app inside and the session is still active. What if the person is in a internet caffee? Someone else just takes the other open window of the browser and hits on the history the last browsed sites and here he goes! My question is: Is there a way to close this hole and let the session expire as soon as only the active window is closed? Thanx you for any help, Andy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
