In my Zend Application, I am trying to make our authenticated users be automatically logged out when they close their browser.
在我的Zend应用程序中,我试图让经过身份验证的用户在关闭浏览器时自动注销。
For that I'd write following code:
为此,我写下面的代码:
ini_set('session.cookie_lifetime', 0);
And its working fine on browsers like Chrome, Safari, IE7 and IE8, but in case of firefox, users still remain logged on when they close their browser.
它在Chrome,Safari,IE7和IE8等浏览器上运行良好,但在Firefox的情况下,用户在关闭浏览器时仍然保持登录状态。
Does anyone know what is causing problem?
有谁知道造成什么问题?
Thanks In advance...
提前致谢...
1 个解决方案
#1
3
A value of 0 indicates "session cookie" - i.e. one that the browser should destroy when the "session" is over and the browser is closed.
值0表示“会话cookie” - 即当“会话”结束并且浏览器关闭时浏览器应该销毁的会话cookie。
However:
- Different browsers have different interpretations of exactly what a "session" is - some will destroy these cookies when your close the tab, some when you close the window, some won't destroy the cookies until all instances of the browser have been closed - all tabs in all windows.
- Since cookies are stored and transmitted by the client, they are completely the responsibility of the client. You should not rely on cookies alone to control whether a user has a valid login because they are ridiculously easy to spoof, you should implement some kind of activity timeout as well.
不同的浏览器对“会话”究竟是什么有不同的解释 - 有些会在你关闭标签时破坏这些cookie,有些会在你关闭窗口时破坏,有些不会破坏cookie直到浏览器的所有实例都关闭 - 所有所有窗口中的选项卡。
由于cookie由客户端存储和传输,因此它们完全由客户负责。你不应该单独依靠cookie来控制用户是否拥有有效的登录,因为它们非常容易被欺骗,你也应该实现某种活动超时。
Make sure you have actually ended your Firefox session when testing - close all open tabs and windows, and watch the process list to ensure there are no instances left. If you are still having a problem, you are probably looking at some kind of bug in Firefox (or maybe you've made some strange change in about:config) and you need to ask for Firefox-specific help - SuperUser.com would be a better place for that. One thing you can be fairly sure of is that if it works everywhere else, it's not a problem with your PHP.
确保在测试时实际结束了Firefox会话 - 关闭所有打开的选项卡和窗口,并查看进程列表以确保没有剩余实例。如果你仍然遇到问题,你可能正在考虑Firefox中的某种错误(或者你在about:config中做了一些奇怪的改变),你需要寻求特定于Firefox的帮助 - SuperUser.com将是一个更好的地方。您可以相当确定的一件事是,如果它在其他任何地方都可以工作,那么PHP就不是问题了。
#1
3
A value of 0 indicates "session cookie" - i.e. one that the browser should destroy when the "session" is over and the browser is closed.
值0表示“会话cookie” - 即当“会话”结束并且浏览器关闭时浏览器应该销毁的会话cookie。
However:
- Different browsers have different interpretations of exactly what a "session" is - some will destroy these cookies when your close the tab, some when you close the window, some won't destroy the cookies until all instances of the browser have been closed - all tabs in all windows.
- Since cookies are stored and transmitted by the client, they are completely the responsibility of the client. You should not rely on cookies alone to control whether a user has a valid login because they are ridiculously easy to spoof, you should implement some kind of activity timeout as well.
不同的浏览器对“会话”究竟是什么有不同的解释 - 有些会在你关闭标签时破坏这些cookie,有些会在你关闭窗口时破坏,有些不会破坏cookie直到浏览器的所有实例都关闭 - 所有所有窗口中的选项卡。
由于cookie由客户端存储和传输,因此它们完全由客户负责。你不应该单独依靠cookie来控制用户是否拥有有效的登录,因为它们非常容易被欺骗,你也应该实现某种活动超时。
Make sure you have actually ended your Firefox session when testing - close all open tabs and windows, and watch the process list to ensure there are no instances left. If you are still having a problem, you are probably looking at some kind of bug in Firefox (or maybe you've made some strange change in about:config) and you need to ask for Firefox-specific help - SuperUser.com would be a better place for that. One thing you can be fairly sure of is that if it works everywhere else, it's not a problem with your PHP.
确保在测试时实际结束了Firefox会话 - 关闭所有打开的选项卡和窗口,并查看进程列表以确保没有剩余实例。如果你仍然遇到问题,你可能正在考虑Firefox中的某种错误(或者你在about:config中做了一些奇怪的改变),你需要寻求特定于Firefox的帮助 - SuperUser.com将是一个更好的地方。您可以相当确定的一件事是,如果它在其他任何地方都可以工作,那么PHP就不是问题了。