Hot to forget user session when browser is closed? Laravel 5.6.

Published 1 month ago by anonymouse703

Hello everyone this problem has been posted 3 years ago and i don't see the answer here: https://laracasts.com/discuss/channels/general-discussion/how-to-close-session-when-browser-chrome-closed

Is there a way to logout user or forget user's session when browser is closed in Laravel 5.6?

Best Answer (As Selected By anonymouse703)
Cronix

Look at the /config/session.php file. It has this as default

/*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => env('SESSION_LIFETIME', 120),

    'expire_on_close' => false,

change expire_on_close to true

Vilfago
anonymouse703

i'll check it dude @vilfago Thanks... but looking for more idea in Laravel new version.

jlrdw
jlrdw
1 month ago (251,320 XP)

but looking for more idea in Laravel new version

Session and cookies have not changed over the versions. If you did not setup remember me then user should be logged out if they close the browser.

Also, remind users to log out, hat doesn't hurt.

Many Banks even post a notice advising users to close the browser even if they did logout, just for added security.

anonymouse703

@jIrdw Where should i setup this "remember me "?

jlrdw
jlrdw
1 month ago (251,320 XP)

No you don't want"remember me " if you want user logged out.

anonymouse703

@jlrdw ahh okay man, so you have idea how to destroy the session?

anonymouse703

@jlrdw remember me doesn't work to me.

Cronix
Cronix
1 month ago (783,370 XP)

Look at the /config/session.php file. It has this as default

/*
    |--------------------------------------------------------------------------
    | Session Lifetime
    |--------------------------------------------------------------------------
    |
    | Here you may specify the number of minutes that you wish the session
    | to be allowed to remain idle before it expires. If you want them
    | to immediately expire on the browser closing, set that option.
    |
    */

    'lifetime' => env('SESSION_LIFETIME', 120),

    'expire_on_close' => false,

change expire_on_close to true

anonymouse703

@Cronix Thanks sir, already done that implementation...

Upon checking in my table in database sir why user_id is not null? When you used Auth::logout() the user_id is null... Is this not an issue? I've been curios on this observation.

Cronix
Cronix
1 month ago (783,370 XP)

I'm not sure if that matters. Once you close the browser and reopen it and navigate to your site, are you still logged in?

anonymouse703

sir @Cronix Can we add some code on the expire_on_close (original file)?

Cronix
Cronix
1 month ago (783,370 XP)

You can override anything in laravel. But, can you answer the question I asked? Are you still logged in if you close the browser or tab, reopen it and navigate to the site? The entries in the sessions table will get deleted naturally so you don't need to worry about that if that's what you're thinking. It just doesn't happen immediately (either do regular php sessions without laravel)

anonymouse703

Sorry I didn't notice your question sir @Cronix... Nope the User was logged out.. but when you login that user back new session id will be occurred for that but the old session id of that user is still active(I don't if it's the right term)... As what i tested:

  1. I logout specific user using Auth::logout(); and check database (session table) the user_id is returned to null.

  2. I closed the browser and re-open the browser again (with the link) the user was logged out. But when I checked the database (session table) the user_id was not return to null, instead a new session id was added to that user.

Cronix
Cronix
1 month ago (783,370 XP)

As I mentioned, don't worry about the data in the sessions db table. The stale sessions will be automatically deleted eventually. It uses a lottery system, so it's not immediate. They don't do anything though, as you can see because the user is still logged out when you revisit the site and they have to login again, which is what you were wanting.

Edit: If you want to increase the chances of the session being removed from the sessions table, the setting is again in /config/session.php

/*
    |--------------------------------------------------------------------------
    | Session Sweeping Lottery
    |--------------------------------------------------------------------------
    |
    | Some session drivers must manually sweep their storage location to get
    | rid of old sessions from storage. Here are the chances that it will
    | happen on a given request. By default, the odds are 2 out of 100.
    |
    */

    'lottery' => [2, 100],

However, I'd leave it. It can be an intensive process, and it's unnecessary to change unless you have millions of users and need the db space for performance reasons.

anonymouse703

Okay sir Thank you for the additional info.. you answered my curiosity..

  $users = Session::whereNotNull('user_id')->get();

This was i used to list all active user that's why I curios because in my view there's a lot of list when only 3 users are logged in.

Please sign in or create an account to participate in this conversation.