Hi, I've almost completed my site, but just came across a huge bug involving sessions. When I log onto the site (once logged into the site you come to another screen with a link that opens up a popup window which is where my game is played from) the game is fine, all information is put into the correct parts of the database etc, and it runs fine. If I was then to just close down the windows without logging out properly, then login as someone else, all the previous sessions are still stored so the information goes into the wrong databases.

I have no idea how to fix this, and was wondering if there was some sort of script that could destroy the sessions if the user closed down the window.

Any help will be most grateful as the site's meant to be launched tomorrow!

Thanks

    Welcome to the biggest headache of the internet. There are a few ways to mitigate the problem

    Shorten the timespan until the session logs out (without activity). Default is 20 min.

    Try using a js routine using the OnUnload function to fire a message to the server to destroy the session data.

    None are 100% reliable.

      What you want to do is ensure that your session lifetime is set to 0

      That way when the browser is closed (remember that means all browsers, not just the one you're playing the game on) then the session will die

      HTH

      GM

        Originally posted by bastien

        Try using a js routine using the OnUnload function to fire a message to the server to destroy the session data.

        The OnUnload will only work in IE I think...

        When you have the second user login, have it create a whole new session_id either using the built-in PHP session_id() function, or write a little function to create random session ids. Another idea is recording your sessions in the database. Then you can limit the lengths (via a timestamp holder field), and you can store the users uniquely in there.
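
The advice above (a fresh session ID at each login, an inactivity limit tracked with a timestamp, and a logout that clears both cookie and server data) can be combined as follows. This is an added example, not code from any poster in the thread; the helper names and the `IDLE_LIMIT` value are assumptions, and it uses PHP 7.3+ syntax.

```php
<?php
// Added example. start_session(), login_user(), logout_user() and
// current_user() are hypothetical helper names, not from the thread.

const IDLE_LIMIT = 1200; // seconds without activity before forced logout (assumed value)

function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    ini_set('session.use_strict_mode', '1');  // ignore IDs the server did not issue
    session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'httponly' => true]);
    session_start();
}

function login_user(int $userId): void
{
    start_session();
    $_SESSION = [];              // discard whatever the previous user left behind
    session_regenerate_id(true); // issue a new ID and delete the old session data
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_seen'] = time();
}

function logout_user(): void
{
    start_session();
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie in the browser, then remove the server-side data.
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

function current_user(): ?int
{
    start_session();
    $lastSeen = $_SESSION['last_seen'] ?? 0;
    if (!isset($_SESSION['user_id']) || time() - $lastSeen > IDLE_LIMIT) {
        logout_user();           // stale or anonymous: make sure nothing is reused
        return null;
    }
    $_SESSION['last_seen'] = time();
    return (int) $_SESSION['user_id'];
}
```

Every page, including the popup game window, would call `current_user()` before touching the database, so a session left over from an earlier login is never attributed to the new user.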

          I don't know how you store the user session id, so I can't be really precise.
          If you are using a database like MySQL to store session data, you usually retrieve session information from a table (say "session"). So, when someone wants to close your game window, the idea is that the action of closing the window makes a function run (say "delete_session()") that causes the table "session" to be rid of the user session data. Next, the same function unsets the cookies stored on the user's computer.
          Hope to have given a useful hint.

          P.S.: if you can, DON'T ever use javascript.
          Use it only as the ultimate resource!

            Originally posted by trooper
            What you want to do is ensure that your session lifetime is set to 0

            But then of course every time anyone (including, I wouldn't be surprised, yourself) hits the server there is a 1% (by default) chance that your session will be demolished no matter how quickly you're moving around the site.

            The session will die when you close down the browser no matter what the lifetime is, because the browser loses the session ID in the process. The session data is still sitting on the server for the life of the session (after which it becomes eligible for garbage collection), but no-one's going to be using it because they don't have the session ID.

              There was an article on this site about custom session handling. It may or may NOT meet your needs, but you might want to look at it....

                The situation Shane describes -- "all the previous sessions are still stored so the information goes into the wrong databases" -- doesn't make sense.

                PHP session cookies are, by default, set to a lifetime of "0," which means any normal browser will delete the cookie when the browser is closed.

                Without the cookie, there is no "handle" to grab the data that might or might not persist server-side. In other words, this problem does not exist.

                If you are propagating the session ID in the URL, and allow that to continue through a new login, that's your own fault.

                  No, what I have stated is completely true. I created a login script, which uses sessions. For some reason when I logged out, then logged back in again (closing all browsers then loading them back up again), it thought I was the past user, and all information went into the wrong database.

                  For some reason, it's fixed itself now, and there is not a problem - hopefully.

                  Thanks for all the feedback