Look at the session manual page and maybe set a shorter time limit for the session cookie. If the user isn't going to click on the Logout link, then there's really nothing you can do until they close the browser (which will stop the session / delete cookie automatically).
Maybe you can check for a certain period of inactivity and automatically log them out if they come back after that time. ---John Holmes... ----- Original Message ----- From: "Ake" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 15, 2002 5:11 AM Subject: [PHP] Session destroy/close I'm trying to close a session without the logged in surfer clicking "log out" (through a onunLoad javascript function which loads i different php document with the otherwise working php code for destryoing a session). I have a working "Log out" link which destroys the session and the variables in it but if the surfer doesn't click on it the session variables are still there and they can go back through their browser history and continue their session as logged in! So, how to destroy a session wihtout beeing able to control where the surfer clicks? I´ve gone through the documents and FAQ's without understanding any solution so I'd be most grateful for any help! Regards, Ake Svensson, aspiring database designer (MySQL/PHP/Linux) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php