Browsers only destroy session cookies when the entire browser process is exited. There is no reliable method to determine if/when a user has closed a tab. There is an onbeforeunload handler you can attach to, and hopefully manage to make an ajax call to the server to say the tab’s closing, but it’s not reliable. … Read more
Purely in JavaScript supporting localStorage if available, otherwise using document.cookie. function getStorage(key_prefix) { // this function will return us an object with a “set” and “get” method // using either localStorage if available, or defaulting to document.cookie if (window.localStorage) { // use localStorage: return { set: function(id, data) { localStorage.setItem(key_prefix+id, data); }, get: function(id) { … Read more
You can’t do that from the htaccess file but You can change this line in your php.ini file. session.gc_maxlifetime = 1440 Update: it seems to be possible, so i stand corrected php_value session.gc_maxlifetime 3600 I haven’t tried this out though.
ASP.NET session cookies are HTTP only, regardless of the httpOnlyCookies setting linked to in your question, because this is burned into ASP.NET. You can’t override this. If you dig into the System.Web.SessionState.SessionIDManager class in the System.Web assembly the code for creating the ASP.NET session cookie looks like: private static HttpCookie CreateSessionCookie(string id) { HttpCookie cookie … Read more
The standard Servlet API doesn’t offer facilities for that. Best what you can do is to maintain a Map<HttpSession, String> yourself (where the String is the IP address) with and check on every ServletRequest if the HttpSession#isNew() and add it to the Map along with ServletRequest#getRemoteAddr(). Then you can get the amount of IP addresses … Read more
It’s fixed. It is now using sessions and consuming minute amounts of data. registry.register(new Scheme(“http”, PlainSocketFactory.getSocketFactory(), 80)); Removing that line fixes it, despite HttpClient never even using http/port 80. Why this works I have no idea.
According to PHP documentation, session_start must be called before any output is sent back to the browser– could this page have a rogue CR/LF, Unicode byte-order mark or similar that is causing output before you include(‘session-inc.php’)?
Here are few suggestions: Make sure that you are specifying the correct expiration format of date When setting a cookie on a page that redirects, the cookie must be set after the call to header(‘Location: ….’); eg: header(‘Location: http://www.example.com/’); setcookie(‘asite’, $site, time()+60*60, “https://stackoverflow.com/”, ‘site.com’); If you have human urls like www.domain.com/path1/path2/, then you must set … Read more
Use if (HttpContext.Current == null || HttpContext.Current.Session == null || HttpContext.Current.Session[“ShoppingCart”] == null) instead of if (Session[“ShoppingCart”] == null)
Capture the session id Session::getId() in Domain A send the captured session id via HTTP POST to Domain B Access the sent session id in domain B $sessionid_from_domainA = $_POST[‘session_from_A’] Set session in domain B Session::setId($sessionid_from_domainA) Start Session in domain B Session::start()