Destroy the PHP session on the page

Question

Destroy the PHP session on the page

I need to destroy the session when the user leaves a specific page. I use session_destroy() at the end of the page, but this is not possible for me because my page has pagination. My page: abc.php?page=1 or abc.php?page=2 or abc.php?page=3 .

So, I need to destroy the session when the user leaves the abc.php page. How can I do this without using cookies?

+8

php session

riad Jul 05 '10 at 5:27

source share

7 answers

To start when the user really leaves the page, you must use Javascript to send an asynchronous request to the server. There is no way for the server to know that the user has “left” the page.

See http://hideit.siteexperts.com/forums/viewConverse.asp?d_id=20684&Sort=0 .

+4

Borealid Jul 05 '10 at 5:42

source share

I had a similar problem, but mine was reloading the page. I need the variables that I typed for destruction. It was for my entry into my web design class that I returned an error message if the user provided an invalid username or password. I could get an error message, but if I click on the updated page, the errors will remain there. I found that simply setting the variable to zero after printing it would kill her. Take a look at what I did:

 <p>To access my website please Login:</p> <form name='login' action="./PHP_html/PHP/login.php" method='post'> Username: <input type='text' name='username' /><div><?php print $_SESSION['baduser']; $_SESSION['baduser'] = "";?></div><br /> <div style="padding-left: 4px">Password: <input type='password' name='password' /><div><?php print $_SESSION['badpass']; $_SESSION['badpass'] = "";?></div></div> <input type='submit' value='Login' /> or you can <a href="./Terms.php">Register</a>

I don't know if this helps at all, but it worked for me.

Also, thanks to everyone that you post on sites like this to help those of us who are still learning.

+1

Bakerj417 Nov 04 '11 at 13:44

source share

For a specific page, you need to destroy the session, then disable the entire session variable using

unset($_SESSION['varname']);

For the whole site, you can use session_destroy();

0

Karthik Jul 05 '10 at 5:37

source share

I am solving a problem. First, take the current url, and then chk on the stay page on the current page url.if is not in the current URL, and then destroy the session.

 $url = "http" . ((!empty($_SERVER['HTTPS'])) ? "s" : "") . "://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; $page_name="abc.php"; if (!preg_match("/$page_name/",$url)) { session_destroy(); }

But this code should be used on other pages. Because http is stateless processes, so it cannot be found when the user leaves the page.

0

riad Jul 05 '10 at 6:08

source share

You can’t say when the user goes from the page, it is simply not possible in a reliable way.

The best you can do is use cookies. When you start a session, you send a cookie to the client, which identifies the client at each subsequent visit, and therefore activates the associated session. The client must send this identification on subsequent visits, and it is up to the client to “forget” his identification.

You can instruct the client to send cookies only to certain pages, and you can instruct him to forget the cookie when you close the browser (with a lifespan of 0). This can be set using session_set_cookie_params .

Other than that, you can simply ignore session parameters on pages where they do not matter. You can delete a session (or its defined values) after some time of inactivity when you assume that the client has left.

0

deceze Jul 05 '10 at 6:44

source share

Borealid deserves attention for pointing to the most elegant solution.

The more kludgey solution is to keep the iframe on the page that is pointing to another "monitor" page, which is set to update every few seconds. This can be done without using JavaScript:

 <meta http-equiv="refresh" content="10">

This refreshes the monitor page every 10 seconds. When this happens, the monitor page can record the time (overwriting the previously recorded time) and the session identifier on the server somewhere (DB or file).

Then you will need to create a cronjob that checks the file / DB for any sessions that are more than 10 ~ 12 seconds old and delete them manually. Session data is usually stored in a directory (specified by your PHP configuration) in a file called sess_the-session-ID . You can use the PHP function, for example:

 function delete_session($sessId) { $sessionPath = session_save_path(); // you'll want to change the directory separator if it a windows server $sessFile = "$sessionPath/sess_$sessId"; if (file_exists($sessFile) && unlink($sessFile)) return true; return false; }

0

Lèse majesté Jul 05 '10 at 7:21

source share

Valentin flachsel · Accepted Answer · 2010-07-05T06:04:04+0000

Doing something when the user navigates from the page is the wrong approach because you don’t know if the user will navigate the whole other page (say contact.php for the sake of the argument), or he / she will just go to the next page abc .php and, as Borealid pointed out, you cannot do this without JS. Instead, you can simply add a check and see if there is a user from abc.php:

First, in your abc.php file, a unique variable is set in the $ _SESSION array, which will act as the character that the user had on this page:

 $_SESSION['previous'] = basename($_SERVER['PHP_SELF']);

Then add this on all pages before any exit to check if the user is coming from abc.php:

 if (isset($_SESSION['previous'])) { if (basename($_SERVER['PHP_SELF']) != $_SESSION['previous']) { session_destroy(); ### or alternatively, you can use this for specific variables: ### unset($_SESSION['varname']); } }

Thus, you will destroy the session (or certain variables) only if the user goes from abc.php and the current page is different.

Hope I could clearly explain this.

Destroy the PHP session on the page

More articles: