how to unset session variable when leaving page

[Co]

Hi All,

I use a session variable to search for certain data in my records.
When a submit button is hit a session var gets filled with what I am
looking for.

if(isset($_POST['listByq']) && $_POST['listByq'] != "add") {
unset($_SESSION['listByq']);
unset($_SESSION['valueByq']);
$option = "";
$_SESSION['listByq'] = $_POST['listByq'];
if(isset($_POST['fname'])) { $_SESSION['valueByq'] =
$_POST['fname']; }
if(isset($_POST['country'])) { $_SESSION['valueByq'] =
$_POST['country']; }
}

If I browse to the next page but still using the same search query I
check again:

// IF WE HAVE A SESSION THEN FILL $OPTION WITH A VALUE
if(isset($_SESSION['listByq'])) {
$option = $_SESSION['listByq'];
if ($option == "by_country") {
$country = $_SESSION['valueByq']; //$_POST['country'];

$queryString = "WHERE country='$country' AND email_activated='1'";
$queryMsg = "Showing Members from the country you searched for";

} else if ($option == "by_firstname") {

$firstname = $_SESSION['valueByq']; //
$_POST['fname'];
$firstname = stripslashes($firstname);
$firstname = strip_tags($firstname);
$firstname = eregi_replace("`", "", $firstname);
$firstname = mysql_real_escape_string($firstname);
$queryString = "WHERE rank LIKE '%$firstname%' OR firstname LIKE '%
$firstname%' OR lastname LIKE '%$firstname%' AND email_activated='1'";
$queryMsg = "Showing Members with the name you searched for";

} else if ($option == "newest_members") {

$queryString = "WHERE email_activated='1' ORDER BY id DESC";
$queryMsg = "Showing Newest to Oldest Members";
}

} // end of if(isset($_SESSION....

This is all working like I want but when the user leaves the page and
returns later the session var is still
filled with the last search. I tried to clear the session var at the
beginning of the page but then when I browse
to the next page the session var will also be emptied.

Is it possible to clear the session var when leaving the page?

Marco

[Co]

[Jerry Stuckle]

On 6/27/2011 2:35 PM, Co wrote:
> Hi All,
>
> I use a session variable to search for certain data in my records.
> When a submit button is hit a session var gets filled with what I am
> looking for.
>

> if(isset($_POST['listByq'])&& $_POST['listByq'] != "add") {

As you've been told many times. PHP HAS NO IDEA WHEN THE USER LEAVES
YOUR PAGE. By the time the page shows up in the user's browser, the PHP
script has completed and sent all its data to the client.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================

[Doug Miller]

In article <fdb4f334-c961-4c2c...@x12g2000yql.googlegroups.com>, Co <voncla...@gmail.com> wrote:
[snip lots of irrelevant stuff]

>Is it possible to clear the session var when leaving the page?

No. Think about it: your PHP script runs on *your server*. Suppose I'm
visiting your web site, then navigate away to, say, Google. That page is
served by *Google's* server -- how do you imagine that it might be possible
for your server to know that I did that?

The *only* thing your PHP script knows about is what gets sent to it from the
browser. There is no way at all by which your script can tell the difference
between these scenarios, because *none* of them result in the browser sending
anything to your script:
a) Your page is still displayed on my screen and I'm looking at it;
b) Your page is still displayed on my screen, but I'm no longer looking at it
because I stepped out for coffee;
c) Your page is still open in my browser but I'm no longer looking at it
because I'm watching something more interesting in a different tab;
d) Your page is no longer displayed on my screen because I navigated to some
other web site;
e) Your page is no longer displayed on my screen because I turned my computer
off and went to bed;
f) Your page is no longer displayed on my screen because alien invaders from
Proxima Centauri have reduced my entire city to a glowing heap of radioactive
slag.

[Mick Gurling]

We Proxima Centaurians would never do that!
We like Earthlings
(Especially with onions and a little Franks Red Hot Sauce).

[unknown]

On Mon, 27 Jun 2011 17:29:55 -0400, Jerry Stuckle
<jstu...@attglobal.net> wrote:

[done]

>
>As you've been told many times. PHP HAS NO IDEA WHEN THE USER LEAVES
>YOUR PAGE. By the time the page shows up in the user's browser, the PHP
>script has completed and sent all its data to the client.

Of course you COULD put one or more big DONE buttons (triggering
another PHP script) on the page and hope the user follows
instructions.

[Jerry Stuckle]

That doesn't solve the problem - because a large percentage of people don't.

[Martin]

I've had to do this before and simply added a body onunload event
listener to the page:

<body onunload="clearSession()">

Calls a javascript function:

function clearSession(){
// here make a request to a PHP script called clear_session.php
}

Finally the clear_session.php script:

<?php
unset($_SESSION['myVar'];
?>

Martin.

[Jerry Stuckle]

On 6/30/2011 11:41 PM, Martin wrote:
> On Jun 27, 7:48 pm, Co<vonclausow...@gmail.com> wrote:
>> Hi All,
>>
>> I use a session variable to search for certain data in my records.
>> When a submit button is hit a session var gets filled with what I am
>> looking for.
>>

>> if(isset($_POST['listByq'])&& $_POST['listByq'] != "add") {

Which is not at all reliable. Better to code the server side properly.

[Martin]

On Jun 27, 7:48 pm, Co <vonclausow...@gmail.com> wrote:

I've had to do this before and achieved it by calling a server-side
script when the web page is unloaded.

In the web page HTML i add an event handler for the body onunload
event:

<body onunload="endSession()">

A javascript function calls the script - use whatever method to call
the script that you are familiar with:

function endSession(){
// here call your server-side script, let's call it end_session.php
}

Finally end_session.php can simply unset your session variable:

<?php
unset $_SESSION['myVar'];
?>
Martin.

[Doug Miller]

In article <57e91bee-b606-473f...@d1g2000yqm.googlegroups.com>, Martin <warw...@gmail.com> wrote:
>On Jun 27, 7:48=A0pm, Co <vonclausow...@gmail.com> wrote:
[...]

>> Is it possible to clear the session var when leaving the page?
>>

>I've had to do this before and simply added a body onunload event
>listener to the page:
>
><body onunload="clearSession()">
>
>Calls a javascript function:

Which obviously doesn't work _at all_ if the visitor's browser has javascript
disabled.

[Denis McMahon]

On Fri, 01 Jul 2011 05:36:55 -0400, Jerry Stuckle wrote:

> On 6/30/2011 11:41 PM, Martin wrote:
>> On Jun 27, 7:48 pm, Co<vonclausow...@gmail.com> wrote:

>>> [how do I clear a session when leaving a page]

>> [onunload javascript event calling a server side script]

> Which is not at all reliable. Better to code the server side properly.

Yes it's unreliable, and in this case there is a server side solution
(after all, the server knows which page is being requested, and the
referring page, and the contents of any post or get data, so in this case
there is a server side solution).

However, concerns about relying on javascript aside, using an unload
javascript event to call back to the server when the page is unloaded is
as far as I know the only active method that can be used to signal that
the user has browsed away from a web page, as opposed to passive methods
based on session timeouts. Yes, I agree that it is not perfect, and it
needs to be backed up with a session timeout anyway, but it's the only
mechanism that provides for even a chance of the visitor's browser
actively telling the server "byebye".

Unless, of course, you have a better method to suggest to us.

There is I believe another flaw in the logic that underlies the OP's
code, and it's a flaw that caught me out when I started using sessions.
He needs to consider the possibility that his visitor will have multiple
pages from his website open at once in different tabs, and these will all
be part of the same session.

Thus it is possible for:

request page 1 from google search [lastPage = null, ref = google]
request page 2 from page 1 [lastPage = 1, ref = 1]
request page 3 from page 2 [lastPage = 2, ref = 2]
request page 4 from page 1 [lastPage = 3, ref = 1]
request page 5 from page 2 [lastPage = 4, ref = 2]

If he is tracking the current page in his session data contents, then at
the point page 5 is requested, he may be assuming the visitor is coming
from page 4 unless he also tracks the referrer at each request. I didn't
see any indication in his code that he does this.

Of course, it may not matter, but then if it doesn't matter, I wonder why
he's worrying about the issue of unsetting session data when the users
browses to another page anyway.

Rgds

Denis McMahon

[Jerry Stuckle]

On 7/1/2011 8:00 AM, Denis McMahon wrote:
> On Fri, 01 Jul 2011 05:36:55 -0400, Jerry Stuckle wrote:
>
>> On 6/30/2011 11:41 PM, Martin wrote:
>>> On Jun 27, 7:48 pm, Co<vonclausow...@gmail.com> wrote:
>
>>>> [how do I clear a session when leaving a page]
>
>>> [onunload javascript event calling a server side script]
>
>> Which is not at all reliable. Better to code the server side properly.
>
> Yes it's unreliable, and in this case there is a server side solution
> (after all, the server knows which page is being requested, and the
> referring page, and the contents of any post or get data, so in this case
> there is a server side solution).
>
> However, concerns about relying on javascript aside, using an unload
> javascript event to call back to the server when the page is unloaded is
> as far as I know the only active method that can be used to signal that
> the user has browsed away from a web page, as opposed to passive methods
> based on session timeouts. Yes, I agree that it is not perfect, and it
> needs to be backed up with a session timeout anyway, but it's the only
> mechanism that provides for even a chance of the visitor's browser
> actively telling the server "byebye".
>
> Unless, of course, you have a better method to suggest to us.
>

You code your scripts so they don't depend on the session being cleared
when the user leaves the page. Rather, I look at the incoming data to
see how the page needing the session data was requested, and start from
scratch if it's a new request, i.e. to a search page. Another way when
you have multiple pages in a sequence is to place a token in a hidden
field on each page, identifying where the user is in the series. Not
secure, but it doesn't look like the user is looking for security here,
anyway.

I've never had to worry about clearing the session data when the user
leaves the page.

> There is I believe another flaw in the logic that underlies the OP's
> code, and it's a flaw that caught me out when I started using sessions.
> He needs to consider the possibility that his visitor will have multiple
> pages from his website open at once in different tabs, and these will all
> be part of the same session.
>
> Thus it is possible for:
>
> request page 1 from google search [lastPage = null, ref = google]
> request page 2 from page 1 [lastPage = 1, ref = 1]
> request page 3 from page 2 [lastPage = 2, ref = 2]
> request page 4 from page 1 [lastPage = 3, ref = 1]
> request page 5 from page 2 [lastPage = 4, ref = 2]
>
> If he is tracking the current page in his session data contents, then at
> the point page 5 is requested, he may be assuming the visitor is coming
> from page 4 unless he also tracks the referrer at each request. I didn't
> see any indication in his code that he does this.
>
> Of course, it may not matter, but then if it doesn't matter, I wonder why
> he's worrying about the issue of unsetting session data when the users
> browses to another page anyway.
>
> Rgds
>
> Denis McMahon

Other than the fact the HTTP_REFER is not reliable either, it's ok.

[Peter H. Coffin]

Or crashes.

--
86. I will make sure that my doomsday device is up to code and properly
grounded.
--Peter Anspach's list of things to do as an Evil Overlord