问题
Problem scenario
If a user A logs into the application then the user id set in session. After doing some tasks user A closes his browser and leaves the computer. Short time later, user B came and open browser and see the application was in logged in state. User B can also open an internal url, which directly redirects him into the application without any authentication by using the previous session.
My Configuration
$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
回答1:
You can override or Set a Config Item dynamically. If you simply look at $config['sess_expire_on_close'] = TRUE;
Whether to make the session to expire automatically when the browser window is closed.
Set it to true if user did not check the remember me checkbox. And the session will expire after user close the browser.
And if he checks the remember me checkbox, set $config['sess_expire_on_close'] to FALSE like
if($this->input->post('remember')) $this->config->set_item('sess_expire_on_close', '0'); //'remember' is checkbox name.
now session will not expire after browser is closed. note: this solution is also tested on Opera, Mozilla, Chrome and ie9
回答2:
Try this, may be it help you
/ **
* Escape String
*
* @param string
* @param bool whether or not the string will be used in a LIKE condition
* @return string
*/
public function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
$str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);
// escape LIKE condition wildcards
if ($like === TRUE)
{
return str_replace(array($this->_like_escape_chr, '%', '_'),
array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
$str);
}
return $str;
}
// --------------------------------------------------------------------
回答3:
Set in application/config/config.php:
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = TRUE;
This should be OK.
回答4:
Why don't you use the CI session function to do that
http://www.codeigniter.com/userguide2/libraries/sessions.html
来源:https://stackoverflow.com/questions/14359806/why-the-codeigniter-session-does-not-expire-after-closing-the-browser