Could I do this and destroy the session on the browser window closing?

Thanks!

__________________
SkiLeases.com

You should use session_destroy()

If you set a cookie (or session), the session automatically destroys on browser close. By default, the cookie is only meant to stay alive for the life of the browser session (and usually 15 minutes of inactvity).

While that can be true for cookies (depending on the settings), that is not true for sessions. Sessions are stored on the server, the server has no way of knowing when you close your browser. Sessions are destroyed after a certain amount of time of inactivity.

You cant destroy a session when the browser closes. It requires a server side command to do close a session. Theoretically, you could have javascript make an ajax call to a script when the browser closes. Although I don't know if javascript can do this. While you can destroy the cookies that maintain the session ID's, they can be deliberately bypassed by modifying the cookies.

__________________

A simple rule to follow when dealing with cookies. When a user logs in or logs out, always run session_regenerate_id();

Village, and you are correct. The local session information is simply destroyed after x amount of time of inactivity. The AJAX call can happen, but is way more work then what its worth. The only viable way i could see anything coming close to working with what you described would be to
1) Frame the page, keeping one frame hidden.
2) When the hidden frame experiences the onunload event, pop open a new window of which will run the script to destroy the session.

Just an FYI for if you try it, you cannot make an AJAX call onunload. (IE specific I believe, works in firefox... may have that backwards though). I designed an ajax based chatroom before, and one of the ways of detecting if hte user had logged out was checking firing off an AJAX call onunload. One of the browsers wouldn't let it happen though.