By lapurda on
HI,
Iam new to the php with drupal ,firstly i created one page with drupal.But some security problem comes i.e if i close the browser session is not closed.
By this iam changing the settingg.php in that
replace the
ini_set('session.cookie_lifetime', 2000000);
with
ini_set('session.cookie_lifetime', 0);
I change these and close the browser .again open session is not closed .So what can i do .
please help me.
advanced thanks.
Comments
It does work, maybe you need
It does work, maybe you need to delete the old cookie first? Or perhaps clear your cache? (Browser cache)
Pobster
Hi, Also change in
Hi,
Also change in settings.php file
ini_set('session.use_only_cookies', 0);
This will clear the session in the cookie. When you close the browser the session it will automatically expire.
Link :
http://drupal.org/node/41879
http://www.php.net/manual/en/ini.php#ini.list
- murali
hi,doesnot working
HI,
thank u for giving a reply. but it does not work
In settings.php i chaned three things they are:
ini_set('session.cookie_lifetime', 2000000);
with
ini_set('session.cookie_lifetime', 0);
And
ini_set('session.use_only_cookies', 1);
with
ini_set('session.use_only_cookies', 0);
And
ini_set('session.cache_limiter', 'none');
with
ini_set('session.cache_limiter', 0);
i made all these three things bbut it doesnot works.It works fine only at the time of manuualy clear the cache and cookies in the browser ,but i donot want like that .I want Just by close the browser the session destroyed .
If any one know please help me, regarding these.
thanks in advace.
It works for me. I changed
It works for me. I changed these two options alone in the settings.php file.
ini_set('session.cookie_lifetime', 0);
ini_set('session.use_only_cookies', 0);
Better do one thing clear the cookies in the browser for first time and then login. If
You can also check by access the same url in another browser window at the same time like
http://localhost/drupal/
then it will ask username and password for login.
In previous case it allows you to do automatic login.
Now it won't allow you to do that.
It doesnot work for me
HI,
Thank u for your reply.
I changed the below things ,
ini_set('session.cookie_lifetime', 0);
ini_set('session.use_only_cookies', 0);
After changing this i clear the browser cookies ,and then login by username and password after login close the browser and again enter to the sites,it shows the already login page ,but session doesnot closed .
But i want if browser closes,session close closes.
Please help me,
thanks in advance
ini_set();
Are you sure you have permissions to use ini_set()? It's possible that your web host provided has disabled this function (which you would think would show some error, but maybe they have disabled error reporting as well...).
This node has some information on other ways to set these php environmental variables.
Dave
My site: http://www.unitorganizer.com/myblog
it's working
HI
thank u for ur reply,
it is working in Internet Explorer ( IE ) ,but not in Mozilla i can change any extra fields.
thanks in advance.
Hi friend!
This is just and just a browser issue... The session will not close if your browser is reloading the session on its startup... The newer version of mozilla does this.... IE doesn't do this please check in IE and everything will be fine.
It works for browser close but have a problem in tab close
Hi,
Same changes I have done...
ini_set('session.cookie_lifetime', 0);
ini_set('session.use_only_cookies', 0);
ini_set('session.cache_limiter', 0);
These three changes is works for browser closing but when in case of tab close cookies should alive and this not works.
Thanks in advance.
Clear your cookies
I just got this working. The session was still being remembered after browser close after I changed session.cookie_lifetime to 0 in settings.php. I tried also setting session.use_only_cookies to 0 as described, but that didn't help. Finally I cleared my cookies in FF and it worked with just cookie_lifetime set to 0. So be sure to clear your cookies when changing the cookie_lifetime.
HTH,
Chris
Auto Logout
Hi, you could also try the auto logout modal, (http://drupal.org/project/autologout). This modal automatically loges the user off after a specified amount of time. It goes well with the JavaScript Countdown Timer, (http://drupal.org/project/countdowntimer).
try maing it a negative value
try maing it a negative value i.e try
ini_set('session.cookie_lifetime', -1)
it works with IE
On my site
On my site ini_set('session.cookie_lifetime', 0) works fine for me, I us it.
How do u do that sir?
on my website is not work on it ><
Make sure you are editing the
Make sure you are editing the settings.php file and not the default.settings.php file, in the sites/default directory.
Aaron
hai sir
I have too , but not work ><, is there any solutions ><
it is work sir
u must to clean first delete all cookies sir, so it is can work on it sir to clear cache, just try on it
Session expire on browser close
I have changed the settings as instructed in settings.php file. The session is no longer stored after browser close. But this is causing me trouble when working on admin part of my site. I am requested to login on each and every page.PLease help!!!
Solved :) (drupal 6)
Its mainly due to permission problem . please follow this steps
1. Clear browser cookie and cache
2. set permission sites/default folder to 777 (via FTP)
3. set permission to sites/default/setting.php to 777 (via FTP)
4. in setting.php , ini_set('session.cookie_lifetime', 2000000); change 2000000 to 0
5. dont forget to set permissions back to 555 (for security reason)
Now users will automatically logout after they close browser (tested on firefox, chrome)
Firefox restore session remembers session cookies
There is a Firefox-specific issue here: if you have set Firefox to remember your tabs and restore them on restart, it will also restore the session cookies, even if you have done
ini_set('session.cookie_lifetime', 0). See https://bugzilla.mozilla.org/show_bug.cgi?id=345345, "Session Restore remembers logins from session cookies".use persistent_login
http://drupal.org/project/persistent_login , :)