Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session Destroy issues

Status
Not open for further replies.
JCrou82

JCrou82

Programmer
Joined
Aug 23, 2002
Messages
265
Location
US
I have created a simple login passess the session ID to the frameset. In the frameset the session ID is then passed to two pages within the frameset. on the top page, i have a logout button which is supposed to destroy the session. The problem is that the session and data still exist even after session destroy. even if I login with a different username, it grabs the last data. How can I make the logout function work correctly?

Thanks
 
Sort by date Sort by votes
Are u getting any error while destroying the session ?

what is the code ur using ?



--------------------------------------------------------------------------
I never set a goal because u never know whats going to happen tommorow.
 
Upvote 0 Downvote
I resolved my problem.....
seems that when i did a check on session registered, i put it in an include file. Obviously, my session_destroy() function was in my login file which couldn't include the session registered check so i took it out and in doing so forgot to pass the session to login page when logout was clicked. so rather then adding the include file, I just added session_start() and that fixed it.

thanks anyways
 
Upvote 0 Downvote
actually I would like to know how to create a timeout so that I can destroy a session after lets say 15 minutes of inactivity or when the browser is closed or has gone to another site so that if a user forgets to log out before doing any of the above, their session will be deleted so that someone doesn't do anything malicious on their login?

thanks
 
Upvote 0 Downvote
Actually, there's nothing you have to do in code to accomplish that. All that can be done through configuration of php.ini

Three PHP settings control session existence-time: session.cookie_lifetime, session.gc_maxlifetime, and session.gc_probability

Every time PHP runs session_start() (or every time a script is run if session.auto_start is set to 1), it generates a random integer between 1 and 100. If that number is equal to or less than the value of session.gc_probability, it performs garbage collection on the session store.

What PHP considers garbage is set by session.gc_maxlifetime. If any session store is older than the number of seconds in session.gc_maxlifetime, then when PHP's garbage collection activates, that session store is removed.

So setting session.gc_maxlifetime to 900 and sessoin.gc_probability to 100 should enforce absolutely expriation of sessions.

Determining how long the session's index cookie should be kept by the browser is set by session.cookie_lifetime. By default, it's set to 0, which tells the browser to delete the cookie when the browser is shut down.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Keyth
  • Locked
  • Question Question
PHP/IIS to SQLServer connection issues
Replies
1
Views
305
vacunita
vacunita
southbeach
  • Locked
  • Question Question
Haunted by vanishing session
Replies
4
Views
412
southbeach
southbeach
southbeach
  • Locked
  • Question Question
Problem with session dropping/loosing value
Replies
1
Views
279
southbeach
southbeach
tyutghf
  • Locked
  • Question Question
Array issues
Replies
3
Views
241
vacunita
vacunita
LWolf
  • Locked
  • Question Question
Can't get session variable
Replies
2
Views
319
LWolf
LWolf

Part and Inventory Search

Sponsor

Back
Top