Look at the session manual page and maybe set a shorter time limit for the
session cookie. If the user isn't going to click on the Logout link, then
there's really nothing you can do until they close the browser (which will
stop the session / delete cookie automatically).

Maybe you can check for a certain period of inactivity and automatically log
them out if they come back after that time.

---John Holmes...

----- Original Message -----
Sent: Wednesday, May 15, 2002 5:11 AM
Subject: [PHP] Session destroy/close

I'm trying to close a session without the logged in surfer clicking "log
out" (through a onunLoad javascript function which loads i different php
document with the otherwise working php code for destryoing a session). I
have a working "Log out" link which destroys the session and the variables
in it but if the surfer doesn't click on it the session variables are still
there and they can go back through their browser history and continue their
session as logged in!

So, how to destroy a session wihtout beeing able to control where the surfer
clicks? IŽve gone through the documents and FAQ's without understanding any
solution so I'd be most grateful for any help!


Ake Svensson, aspiring database designer (MySQL/PHP/Linux)

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to