Why does the Codeigniter session not expire after closing the browser?

Question

Why does the Codeigniter session not expire after closing the browser?

Problem scenario

If user A registers with the application, then the user ID is set in the session. After completing some tasks, user A closes his browser and leaves the computer. After a short time, user B came in and opened a browser and saw that the application was in a login state. User B can also open an internal URL that directly redirects it to the application without any authentication using the previous session.

My configuration

$config['sess_cookie_name'] = 'cisession'; $config['sess_expiration'] = 7200; $config['sess_expire_on_close'] = TRUE; $config['sess_encrypt_cookie'] = FALSE; $config['sess_use_database'] = FALSE; $config['sess_table_name'] = 'ci_sessions'; $config['sess_match_ip'] = FALSE; $config['sess_match_useragent'] = TRUE; $config['sess_time_to_update'] = 300;

+4

codeigniter session

Arslan Jan 16 '13 at 13:42

source share

4 answers

Why don't you use the CI session function for this

http://www.codeigniter.com/userguide2/libraries/sessions.html

0

Shibbir ahmed Jan 16 '13 at 13:52

source share

Try it maybe it helps you

 / ** * Escape String * * @param string * @param bool whether or not the string will be used in a LIKE condition * @return string */ public function escape_str($str, $like = FALSE) { if (is_array($str)) { foreach ($str as $key => $val) { $str[$key] = $this->escape_str($val, $like); } return $str; } $str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str); // escape LIKE condition wildcards if ($like === TRUE) { return str_replace(array($this->_like_escape_chr, '%', '_'), array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'), $str); } return $str; } // --------------------------------------------------------------------

0

Arslan Aug 08 '14 at 5:39

source share

Install in the application /config/config.php:

 $config['sess_expiration'] = 0; $config['sess_expire_on_close'] = TRUE;

This should be OK.

0

jp61 May 19, '15 at 21:50

source share

arslaan ejaz · Accepted Answer · 2013-01-18T07:26:34+0000

You can override or set a configuration item dynamically . If you just look at $config['sess_expire_on_close'] = TRUE; Whether to automatically terminate the session when the browser window is closed.

Set to true if the user has not checked the Remember Me box. And the session will expire after closing the browser.

And if he checks the Remember Me checkbox, set $ config ['sess_expire_on_close'] to FALSE, for example

 if($this->input->post('remember')) $this->config->set_item('sess_expire_on_close', '0'); //'remember' is checkbox name.

now the session does not expire after closing the browser. Note: this solution is also tested on Opera, Mozilla, Chrome and ie9

Why does the Codeigniter session not expire after closing the browser?

Problem scenario

My configuration

More articles: