DrupalDrupal end session on closing the browser

Drupal end session on closing the browser

If you want to destroy a session when the browser closes , then check the settings.php file in the drupal installation the value to look is

ini_set('session.cookie_lifetime',  200000);

This is the default time ( 200000 seconds ) up till which Drupal will keep the session of a user active. Even if the user closes the browser without logging out, this session is kept active

This can be dangerous in some situations, for example if a single computer is used by different people and one person ( Person 1 ) just closes his browser ( without logging out )

If  the next person ( Person 2 ) tries to access the same site, then the session of the Person 1 is still active – this will allow Person 2 to see all data related to Person 1 without having to log in

To avoid this, we can make Drupal to destroy the session as soon as someone closes the browser by changing the setting to below

ini_set('session.cookie_lifetime',  0);

A value of ZERO means destroy the session immediately when the browser closes

This can also be annoying sometimes in single user environments – when the user has to give a password each time he closes and opens the browser – so use according to requirements 🙂

Categories: Drupal


No Comments Yet. Be the first?

Post a comment

Your email address will not be published. Required fields are marked *