Login Snippet: Logout on browser close and session time out

Is there a way to automatically logout a logged in user via the Login Snippet once the user closes there browser window? Is this something that can also be done by a session timeout.

Another idea I had is to test each time a page is loaded to see if the previous page (browser history backlink) exists. If not, the browser window must be a new one and therefore any previous sessions should be logged out or ended.

• MODX Version:2.2.8
• PHP Version:5.3.26
• Database (MySQL, SQL Server, etc) Version:MySQL 5.1.70

All advice welcome.

Do you use the Login add-on?

This is default behavior of this Login snippet.. Tested it right away with 2.2.8-pl in Firefox. If I login and close the browser, re-open it, I won't be logged in.

However, the Login snippet has a rememberMeKey option, make sure that you don't set or include a input named rememberMe. http://rtfm.modx.com/extras/revo/login/login.login#Login.Login-Properties

Yes, I am using the Login add-on and as you mentioned above @hvoort the user is logged out if they quit there browser whilst logged in. When they restart the browser the user is no longer logged in.

BTW my Login snippet call is:



The case that I am looking for is how to log the user out when they close the browser window or tab and then create a new window or tab and visit the website again. In this case the users session is still alive and thus has access to the site. This is important especially on shared computers in internet cafes and other public places. Not all users quite there browsers once they are finished with them.

Perhaps setting a session timout may help somehow but I am not sure how to do that.

I see your problem. You can try changing the session time in system settings. In the manager select system settings and area: session and cookies.

Next to that you can try to work with "onbeforeunload" event from the browser. You should Google the cross browser compatibility. I've read that a request won't finish before the tab is closed, but maybe you can delete the cookie before closing.

Or learn your users how to use the logout button ;-)

Hope this helps!

session_cookie_lifetime in System Settings looks to be what I am looking for. Does this also affect Logged in managers as opposed to front end web users? If so is there a way to set a different session_cookie_lifetime for mngr and web users?

Don't miss this thread http://forums.modx.com/index.php?topic=58251.0

Using rememberme & session timeout is not a secure solution in your case. You could try writing a postHook for the Login snippet where you change the timeout of the session (cookie) if that is possible. I'm not sure.