Hello,
I have had a lot of trouble with Drupal in an environment where users may open many instances of the site on the one PC. In the sites/.../settings.php file:

change ini_set('session.save_handler', 'user');

to

ini_set('session.save_handler', 'files');

This change also causes unique entries in the drupal.sessions table for each browser instance.

When it is set to user, then all browsers use the same session cookie (and drupal.sessions table has a single entry), which can lead to some unexpected results, especially if there are different users logging into the different browsers, eg: for training purposes.

As I do not want my sessions to persist I have also altered the drupal/modules/users.module in the following manner:

// Destroy the current session:
 session_start(); // restore the session
  $_SESSION = array(); // clear the universal var
  if (isset($_COOKIE[session_name()])) {
     setcookie(session_name(), '', time()-42000, '/');
  } // clobber the cookie
  session_destroy(); // purge the session record
  module_invoke_all('user', 'logout', NULL, $user);

This code forces the session cookie to be destroyed as well as the drupal.sessions database entries, causing a unique session cookie to be created whenever a user logs out. This is possibly not necessary, but in my environment I would like to do this.

Would it be possible to have an option in the admin/settings to turn this function on or off? Also, it would be good if the session.save_handler could be set from the admin pages rather than from the .php file.

Finally, when the user presses the back button they will see all the cached pages the previous user was working on. Is it possible to set the system so that these pages expire? It would be great if the user logged on could browse backwards, but as soon as they log off their pages become expired.

I hope this helps improve the Drupal experience.
Thanks.

Comments

epifanio67’s picture

Hey Kieg,

Where do I place your //Destroy current session code? on the users.module?

I have been having a lot of issues login as an user to this site and an administrator to my site. Every new browser I open and point to Drupal.org site have me logged in!!!!

I already changed the ini_set() code; but it hasn't corrected my problem.

Please help.
Thanks,
epi