Steven Donovan - 2009-04-08 20:15:45
I built a site to let our medical students view grades and submit peer evaluation on their teammates. I am trying to figure out a way to end the session if they do not use the "logout" button and instead just close the browser.
I have read that this would do the trick:
ini_set('session.cookie_lifetime', 0);
I first have the user bind to an LDAP server to authenticate their campus login. Then check if they are a medical student. If they are I do the following:
$_SESSION['authuser'] = $authuser;
$_SESSION['sid'] = session_id();
&authuser being their campus username they logged in with.
Then before each of my functions (ex: viewgrades()...peereval()) on my index.php page I used this:
if (!$_SESSION['authuser']) {
header("Location: modules.php?name=$module_name&op=DisplayLogin");
exit;
}
At the very top of my page before any function I have this:
ini_set('session.cookie_lifetime', 0);
session_start();
if (!isset($_SESSION['sid']) && (!isset($_SESSION['authuser']))) {
$authuser = '';
} else {
$authuser = $_SESSION['authuser'];
}
I login view grades, close browser, open new browser and I can still see grades without logging in again.
I've been stuck for a week.
Help.
