BackGround I made a webapp where the user need to login to use the functionalities in the webapp.
I'd like to make it fairly secure on the Session side (to avoid leaving a Session opened). I know the session get destroyed by default when the browser gets closed (you close all your Chrome tabs). I also added this PHP code on the logout button to destroy it.
<?php
session_start();
unset($_SESSION['username']);
unset($_SESSION['password']);
session_destroy();
header('location: somelocation');
?>
My issue is when the user only close the browser tab where the application is, the session won't get destroyed and he will be able to reopen it without doing the login again. So if the user has a YouTube (e.g.) tab opened and he close only the tab where my application is, the session won't get destroyed. There's a way to detect it and destroy the session? I already took a look at: logout user when browser or tab is closed and destroy session when broswer tab closed But they do not answer my question. Thanks in advice.