当用户关闭浏览器时，

You can't determine in PHP when the user closes the browser - as far as PHP is concerned, then the page is sent to the user, PHP is done with it.

而不是使用cookies，您可以 使用会话以获得与用户机器的更好的联系。你可以做一些事情，例如将会话超时设置为只有几分钟，但这将冒着一个风险，即一个慢读者或者他们的时间从一个页面到另一个页面的移动将被锁定。

Instead of using cookies, you could use sessions to get a better contact with the user machine. You could do something like setting the session timeout to only a few minutes, but this will run the risk that someone who is a slow reader or takes their time moving from page to page will be locked out.

如果你想成为一个真正意义上的用户注销，你可能需要做一些像javascript'ing在一个常规的签入，发送数据到服务器保持会话alive - 这个短会话时间可能排序 - 实现你正在寻找的结果。

If you want to be a real meanie when it comes to user logouts, you might have to do something like javascript'ing in a regular "check-in" that sends data to the server to keep the session alive - this along with a short session time might sort-of achieve the result you are looking for.

编辑：你发布的代码也显示旧 mysql _ * 函数，以及root用户和没有密码来访问数据库。请死神告诉我你刚刚插入该用户作为占位符。第二，请移动到PDO或mysqli，以避免让第一个恼火的用户遇到您的网站。

the code you posted also shows old mysql_* functions, along with root user and no password to access the database. Please dead god tell me you just inserted that user as a placeholder. Secondly, please move on to PDO or mysqli to avoid getting your website hosed by the first annoyed user that comes along.

您甚至不检查 $ _ POST 数据，其中包含用户名bob; drop table users;这意味着我可以弹出，您的网站是 kaput 。 Google SQL注入，修复您的代码。马上。认真。

You aren't even checking for $_POST data that contains a username of "bob; drop table users;" which means I could pop that in and your website is kaput. Google SQL Injection, fix your code. Right now. Seriously.

编辑2：正如Adnan所指出的，您可以将Cookie到期日期设置为 0 保持它只要会话是打开的。我一般认为，在cookie中保留用户名是伟大的，但留下一个密码由用户输入是更好的securitym你也可以采取这种方法。

Edit 2: As Adnan points out, you could set your cookie expiry date to 0 which will only keep it as long as the session is open. I generally think that keeping a username in a cookie is great, but leaving a password to be entered in by the user is better for securitym you could take this approach as well.

编辑3：根据您的代码：

Edit 3: based on your code:

<?php 
    $page="logout"; 
    $security=true; 
    session_start(); 
    if (!isset($_SESSION['EXPIRES']) || $_SESSION['EXPIRES'] < time()+3600) 
    { 
        session_destroy(); 
        $_SESSION = array(); 
    } 
    $_SESSION['EXPIRES'] = time() + 3600; 
    header("location: login_admin.php"); 
?> 

为什么不只是设置一个会话变量：

Why not just set a session variable along the lines of:

$_SESSION['isAdmin']=true;

当他们登录管理功能并将其更改为 false 当他们注销管理功能？无需关闭整个会话，只需更改其中保存的单个变量。

when they log into the admin functions and change it to false when they log out of the admin functions? No need to kill off the entire session, just change a single variable kept in it.