So i would like to have it well done as following : 1. if user close the browser : session is destroyed and user is redirected to main HTTPS page (the login one) 2. if user close the TAB in which the web application worked, the session data (so cookies if i understood well) should be destroyed to avoid any possibile hacking. How should i do that ? for point 1, i was thinking to check is the $_SESSION['username'] data is set. this variable is set only after authentication of user. but for point 2 i have no idea. thanks, Alain On 3/24/07, Richard Lynch <ceo@xxxxxxxxx> wrote:
If you set the session timeout to 0, then it dies when the browser is quit. On Wed, March 21, 2007 12:37 pm, Alain Roger wrote: > Hi, > > I would like to know what is the best solution for my problem. > > When a user is connected to a https page and a session is open, if > user > close his browser, the session ID is still active in the browser > "history". > It means that next time when user will start his browser, the browser > will > re-use the same session ID and will work with php pages without any > problem. > > I was thinking to use cookie to solve this issue, but what should i do > when > user browser refuse cookies ? > > thanks a lot, > > -- > Alain > ------------------------------------ > Windows XP SP2 > PostgreSQL 8.1.4 > Apache 2.0.58 > PHP 5 > -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So?
-- Alain ------------------------------------ Windows XP SP2 PostgreSQL 8.1.4 Apache 2.0.58 PHP 5
