| [reply] |
I explain the problem a little bit further in this node: 538997
Maybe I could do as you suggested and delete the session when the member clicks the activation link in the mail.
| [reply] |
Do you understand that this only happens with multiple windows of the same running browser? If different users each log in to the computer and run a browser, they are not sharing the same one. If a user logs in and never logs out, and someone else shares that same account on the same computer, then of course the session on your site will remain in effect. All that you do about that is use a short inactivity period on your sessions. | [reply] |
I don't know if there is a difference with open up new browser windows or open up a new browser window from an already open browser? My problem occurs when I open up new browser windows.
I thought that the session would expire if the user would close the browser? Is there a way to force this behaviour?
| [reply] |
Depends on your browser. Under windows & most unixes (except mac osx), closing all browser windows will stop the browser process, and should delete all session cookies.
Under Mac OS-X this doesn't work, and you should use the "Quit" menu item. That method will probably work for all browsers everywhere.
Note that this only works for real session cookies, i.e. cookies that have no expiry date. Cookies with an expiry date are held untill they expire or invalidated by the server.
update: for the real details, see RFC 2109
| [reply] |