User still remains logged in, even if i try to set expiration to browser session

Hello guys!

I love Yii more and more every day, but some things are confusing as hell :ph34r:

I need a simple logic - log user in, and make sure he’s logged out when browser is closed. So, naturally, I code:

$identity=new UserIdentity($model->email,$password);

if($identity->authenticate()) {



User is being logged-in successfully, but he still remains logged-in, even after browser\whole machine\server is restarted (i think restarting server isn’t really something that would affect all this, but i tried it anyway, just in case there’s something wrong with session garbage collector or whatever is happening “under the hood”).

Firebug shows I only have “PHPSESSID” cookie that “expires” on session end - but it’s not really expiring.

So, I’m confused and have no idea whether it’s something I missed or Yii is missing,

I would appreciate any help very much! Tried search, found some cookie-related topics but none helped.


It appears such an unwanted behavior comes with firefox. Chrome works OK and user session is terminated on browser window close.

Thanks for your attention!

So is the cookie still there when you restart the browser? Then it’s not related to Yii. As you said a cookie with “expire on session end” should be deleted when you restart the browser.

Did you tried with another browser?

// Maybe you have some kind of auto-login setup in firefox?


Did you found what the problem was with firefox?. I have the 6.0 version and still have the same behavior with session.

Maybe Yii has a bit of guilt…

Probably related to this. Seems like this will never get fixed.