I am building a webapp in Laravel 4.1, and I wish to force logout on browser / tab close.

A bit like your typical bank does... You log into your online banking, close the window, then go back to the site, you need to log back in again.

I have set the following in my app/config/sessions.php

    'driver' => 'file',
    'lifetime' => 0,
    'expire_on_close' => true,

Safari and Firefox appear to work properly; however, Chrome seems to keep the session cache as valid, meaning that the user is logged in when they browse to my site.

Is there any way I can force Chrome to not keep the user logged into my site? Maybe there is something I can do in htaccess or similar?

Gravy

1 Answer

As far as I can tell, Chrome does not have a specific issue when it comes to session cookies. I just tested my own app on Firefox, Safari and Chrome and the behaviour was the same for all three.

I would recommend opening up the Developer Tools in Chrome, clicking on the "Resources" menu and checking the cookies for your site. If things are working correctly, the cookie for your site should be listed with a value of "Session" in the "Expires / Max-Age" column. If not, then your app may not be setting the cookie correctly. Or you may have an old cookie hanging around, so just delete the cookie and try again.

BTW - Laravel 4.1 overrides PHP's native session handling and does everything itself, INCLUDING garbage collection. And it gets its session lifetime value from the 'lifetime' value above. So if you stick with your current settings, you are going to end up with ALL of your logged in users being logged out every time garbage collection runs (which, by default, will be 2 in 100 requests). You should change 'lifetime' to some value like 1440. I wrote a lengthy article on this problem just today in fact:

http://yetanotherprogrammingblog.com/content/laravel-40-41-session-configuration-problem-solved

JamesG
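The cookie check described in the answer can also be run against the raw `Set-Cookie` response header rather than the DevTools column. This is an added example, not part of the original answer; the `laravel_session` cookie name and both header values are constructed sample data.

```python
# Added example: classify a Set-Cookie header the way the DevTools
# "Expires / Max-Age" column does. Sample headers are constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attrs)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive (HttpOnly vs httponly).
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookie_report(header):
    """Report whether the browser will treat the cookie as session-scoped."""
    name, _, attrs = parse_set_cookie(header)
    # Only a cookie with neither Expires nor Max-Age is a session cookie.
    persistent = "expires" in attrs or "max-age" in attrs
    if "max-age" in attrs:          # Max-Age takes precedence over Expires
        column = attrs["max-age"]
    elif "expires" in attrs:
        column = attrs["expires"]
    else:
        column = "Session"
    return {
        "name": name,
        "expires_column": column,
        "session_cookie": not persistent,
        "httponly": "httponly" in attrs,
        "secure": "secure" in attrs,
    }


# Constructed headers: one session-scoped, one persistent.
SESSION_HEADER = "laravel_session=abc123; path=/; HttpOnly"
PERSISTENT_HEADER = (
    "laravel_session=abc123; expires=Fri, 07-Feb-2014 10:00:00 GMT; "
    "Max-Age=7200; path=/; httponly"
)

if __name__ == "__main__":
    for hdr in (SESSION_HEADER, PERSISTENT_HEADER):
        print(cookie_report(hdr))
```

A header that reports `session_cookie: False` means the application is sending an expiry, so the browser is expected to keep the cookie across restarts.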