PHP cannot possibly know when a user closes a window... PHP regularly
"cleans out the garbage" of old abandoned sessions, but you cannot expect
this instantly...

the only way to kill a session is to kill it on the server with
session_destroy(), which will require the user to access a "logout" script,
or some javascript trickery...

If you access that URL tomorrow, I doubt the session will STILL be valid...

You should do some reading up in the manual & php.ini, making sure what
session destroy means, what session.auto_start means, etc.


on 22/11/02 6:02 PM, Jean-Christian Imbeault ([EMAIL PROTECTED]) wrote:

> Justin French wrote:
>> I know that for IE Mac users (not sure about NN7) it's not until you QUIT
>> the application that the session is "terminated"...
>> I *think* you'll find something similar in Windows... perhaps when ALL open
>> browser windows are closed and/or the browser app is QUIT, the session will
>> end?
> I exited all apps and restarted the browser. Didn't help. I also
> copy-pasted the URL
> (
> b677cf9c13e34b17072)
> from my Netscape 7 browser into an IE browser and the sessions was
> still valid ...
> Is it because I am putting the SID in the URL? I haven't tested with
> cookies yet as I want to get my site working without cookies first.
>> Adding a logout feature will help people who are worried about security,
>> because it can kill the cookies on the browser.
> I agree! The problem I have now is that a user can bookmark a page with
> the SID in the URL and then come back later and the session is still
> active ... the session should close when the browser is closed.
> I have set session.auto_start = 1 so I would think that after closing
> the browser and going to the bookmarked paged a new session would be
> started, killing the SID passed in from the URL no?
> Thanks!
> Jc

Justin French
Web Developent & 
Graphic Design

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to