PHP
BonBon Slick, 2016-09-28 20:11:37

Unkillable PHP sessions, how is that possible?

A session on my site starts with these lines of code:

<?php
ob_start();
session_start();

Further on there is a connection to a DB and so on. On clicking the logout button, the following code is executed:
session_destroy();
    session_unset();

The session works fine in Mozilla FF: as soon as the browser is closed, that's it, you need to log in again. But in Chrome it gets stupid, and the session behaves like cookies: it was set once, and that's it; until you use unset(), the PHP session in Chrome will work forever. How to fix this bug in Chrome? Why does everything work OK in Mozilla FF? How to deal with it?

2 answer(s)
Vitold S, 2016-09-28
@BonBonSlick

I see two solutions:
1. Why not just remove the parameters responsible for authorization in the session? Logging out of an account can be done by simply removing the user_id parameter from your session.
2. Why don't you consider implementing sessions yourself? Choose a high-speed storage like MongoDB (note that by default this is the local file system) and manage your session parameters (including the lifetime) yourself. Before each request, you do some kind of Session->check() in which you request the parameters and update the user session lifetime in the database, and if it didn’t work, then create a new record with a tricky name through Session->start(), something like a UUID, and give it to the client as a COOKIE. On your "exit" simply call Session->destroy() and explicitly send a request to delete your record from the database.
This is reinventing the wheel, of course, but you will immediately solve not only the problem of session destruction, but also prepare a solution for scaling to several servers.

Melkij, 2016-09-28
@melkij

What happens to the session cookie? The session is matched to a specific browser by the cookie; use_trans_sid is disabled by default.
What is the problem? Browser not clearing cookies on close? It is not obliged to do this, but the standard does not forbid it from deleting them either.
The session lives for a long time: how long? What gc_maxlifetime is specified? Do you understand that this is the time after which the garbage collector can delete the session, and not the guaranteed maximum lifetime? And that this time is counted from the last access to the session?
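
The points raised in the answers above, as an added example that is not part of the thread: a logout that clears the session data, expires the session cookie and deletes the server-side record, plus an application-level idle check, since gc_maxlifetime is not a guaranteed lifetime. IDLE_LIMIT and the last_seen and user_id session keys are assumptions made for illustration; the array form of setcookie() needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. IDLE_LIMIT and the 'last_seen'
// and 'user_id' session keys are assumptions chosen for illustration.
const IDLE_LIMIT = 1800; // seconds of inactivity the application allows

function end_session(): void
{
    $_SESSION = [];                       // drop all data held in this request
    if (ini_get('session.use_cookies')) { // expire the browser's session cookie
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }
    session_destroy();                    // delete the server-side record
}

function start_checked_session(): bool
{
    session_start();
    $now  = time();
    $last = $_SESSION['last_seen'] ?? $now;
    if ($now - $last > IDLE_LIMIT) {
        // Enforce the timeout here: gc_maxlifetime only says when the
        // garbage collector MAY remove the data, not when it will.
        end_session();
        return false;
    }
    $_SESSION['last_seen'] = $now;        // idle time counts from last access
    return isset($_SESSION['user_id']);   // true only for a logged-in user
}

// A logout handler would call: session_start(); end_session();
```

With this in place a cookie that Chrome restores after a restart no longer matters: the identifier it carries points at a record that was deleted on logout or rejected by the idle check.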
