session destroy when leaving the site

ststeve

hi guys!

following problem:

in one of my projects i work with sessions (it is an online homepage editor, so that the user can change his site online, without any html knowledge) this projekts includes many sites and the user first must login to change his homepage. when he did the login i start a session - so that the i can register the most important variables - which i need for the other sites.

now my problem: when the user logout i destroy the session, but when the user is in his "personal homepage editor" and he leaves the site (e.g. by typing an other url) i have no change to destroy the session. the problem is now when he clicks on the "back" button that the session is still alive - that is what i want to prevent.

any ideas

thx

daveyboy

You could destroy the session if $_SERVER['HTTP_REFERER'] is not one of your pages. This can be faked, though.

rIkLuNd

How do I use sessions?