Detecting page refresh and solution for removing data from session info from the db

I've tried reading the existing posts on this subject, but haven't found a solution that works for me. I'm sure this is a common problem and someone probably has implemented a solution...if so, and you could help me out I would really appreciate it.

I have a webapp that needs to execute a logout script when the user either closes the browser, or leaves the site and goes to another website. I know the javascript onUnload event will take care of this and I've written an aja开发者_StackOverflowx call to my php script to handle the logout. It works great. However, if the user presses Refresh the onUnload gets executed and removes the cookie and session information, thus logging the user out, which on a page refresh I don't want to do.

I could set the cookie to expire in say 5 seconds if they navigate off the page (other posts suggested doing this), which would work fine, however, my real problem comes because I'm storing session data in the database and need to delete the session data out of the database, so just setting the cookie to expire as suggested in other posts, only takes care of part of the problem. I need the database session information removed because I'm using the session information to maintain a certain number of concurrent logins for each account.

How can I solve this? Anyone had a similar problem and solution they would share? Thanks.

I need the database session information removed because I'm using the session information to maintain a certain number of concurrent logins for each account.

Can you store a last-access time? You can then prune old last-access sessions (e.g. those older than one day). As a user convenience, put a message saying "you have automatically been logged out due to inactivity" when the user accesses the site with invalid or old session.

Decided the best option was to just put the logout script in the unload of the page and call use ajax to update the db via the php. The refresh in my app has no need to be used, so if it logs out the user it's ok, once the user does it once or twice they won't do it again.