Home > Drupal > Drupal end session on closing the browser

Drupal end session on closing the browser

If you want to destroy a session when the browser closes , then check the settings.php file in the drupal installation the value to look is

ini_set('session.cookie_lifetime',  200000);

This is the default time ( 200000 seconds ) up till which Drupal will keep the session of a user active. Even if the user closes the browser without logging out, this session is kept active

This can be dangerous in some situations, for example if a single computer is used by different people and one person ( Person 1 ) just closes his browser ( without logging out )

If  the next person ( Person 2 ) tries to access the same site, then the session of the Person 1 is still active – this will allow Person 2 to see all data related to Person 1 without having to log in

To avoid this, we can make Drupal to destroy the session as soon as someone closes the browser by changing the setting to below

ini_set('session.cookie_lifetime',  0);

A value of ZERO means destroy the session immediately when the browser closes

This can also be annoying sometimes in single user environments – when the user has to give a password each time he closes and opens the browser – so use according to requirements 🙂

Categories: Drupal
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: