How to destroy session with browser closing in codeigniter

9
votes

Recently I have developed a web application with codeigniter. I am facing a session related problem there badly.

Problem scenario:

If user A logged into the application then the user id set in session. After doing task user A closed his browser and leave the computer. A little while later user B came and open browser and see the application was in logged in state. or when user B write down the url and press enter it directly redirected into the application without any authentication by using the previous session.

I used the following configuration for session:

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 1800;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

Now my question is how can i destroy all the session with closing browser or browser tab in codeigniter?

9
phpcodeignitersession
Try setting $config['sess_expire_on_close'] = TRUE;. Sessions - Whether to cause the session to expire automatically when the browser window is closed.air4x
it doesn't work. Is there any other solution?Ariful Islam
Are you storing the sessions in a DB?ajtrichards
@AlexRichards no i am not storing the sessions in a DB.Ariful Islam
For future visitors: First, I tried $config['sess_expiration'] = 0; and it didn't work. Then I tried $config['sess_expire_on_close'] = TRUE; and it worked, but this is said to be a legacy setting. So I couldn't really rely on it. Tried the first one again. This time I restarted the Apache, and it worked.akinuri

9 Answers

6
votes

You can use javascript and asynchron request. When you close the window, the handler of window.onunload is called 

var unloadHandler = function(e){
        //here ajax request to close session
  };
window.unload = unloadHandler;

To solve the problem of redirection, php side you can use a counter

  class someController  extends Controller {

   public function methodWithRedirection(){

        $this->session->set_userdata('isRedirection', 1);
        //here you can redirect  
   }
}
class homeController extends Controller{
   public function closeConnection(){
        $this->load->library('session');
        if($this->session->userdata('isRedirection')!== 1){
            //destroy session
         }
      }
   }
7
votes

Edit the config.php file and set sess_expire_on_close to true.

e.g 

$config['sess_expire_on_close'] = TRUE;
3
votes

Add a logout button.

Have that button destroy the session with CI's built in destroy function.

$this->session->sess_destroy();
2
votes

Have a look at this, and see if this helps.

https://github.com/EllisLab/CodeIgniter/wiki/PK-Session

2
votes

Well, I don't know if you already had the solution, but I found myself in the same scenario in CodeIgniter version 3.0. In config.php, go to Session Variables section and you can set:

$config['sess_expiration'] = 0;

sess_expiration: The number of seconds you would like the session to last. If you would like a non-expiring session (until browser is closed) set the value to zero: 0

1
votes

in $config.php file 

change  $config['sess_expiration'] = 7200;

to 

$config['sess_expiration'] = 0;
1
votes

Simply set sess_expiration =0 in application/config/config.php file as stated in Codeigniter documentation

0
votes

Open the general config file application/config/config.php, search for $config[‘sess_expiration’]

change 

$config['sess_expiration'] = 7200;

to

$config['sess_expiration'] = -1;
0
votes

for CI-3.0.4 locate the items below inside "config.php" and set accordingly

$config['sess_expiration'] = -1;
$config['sess_time_to_update'] = -1;