
Killing session when browser is closing

I need to kill the session when the user closes the browser or redirects into some other page. I can see the following options of achieving this functionality:

  1. Use no session login. It's not my case, because I'd have to change a lot and I also use sessions for some other data.
  2. I could use something like this:

     window.onunload = window.onbeforeunload = (function () {
       ...
     })

And from this code call the action that cleans the session and performs logoff. Sounds nasty but what is also important - this JavaScript code works only in IE.

  3. I could create some nasty code that uses some dummy calls, let's say every minute, just to tell the server that the user is still alive. But it's really nasty. It would put useless load on the server, lots of useless calls, and if some call was lost (because of a connection issue or something) the user would log off.

Any other options?

You've left off #4: Don't do anything, have sessions time out after a reasonable period (say, 20 minutes); if they try to do something on that page after being gone for 20 minutes, just show a page telling them their session has expired and to log in again. That's usually the simplest option.

If you don't want to do that, #3 is really your only viable option, but once/minute is probably overkill. Set the session timeout to 20 minutes, remember when the user has done something, and if they're idle for (say) 15 minutes do a proactive call on their behalf. But even then, I'd limit how much I'd do this, after a couple of hours you might want to just redirect them to the login page.
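The idle-ping scheme described in the answer above, as an added example that is not part of the original answers: a keep-alive call goes out only after 15 minutes without server contact, and it stops once the user has been inactive for the capped period, so an unattended browser does not hold a session open indefinitely. The function names, the `/session/keepalive` and `/login` URLs, and the 2-hour reading of "a couple of hours" are assumptions.

```javascript
// Added example; figures follow the answer above, names and URLs are hypothetical.
const KEEPALIVE_AFTER_MS = 15 * 60 * 1000; // ping before the 20-minute server timeout
const MAX_IDLE_MS = 2 * 60 * 60 * 1000;    // "a couple of hours" cap (assumed: 2 h)

function createKeepAlive({ now, ping, redirectToLogin }) {
  let lastActivity = now(); // last real user action
  let lastContact = now();  // last request of any kind that reached the server
  let ended = false;
  return {
    // Call when the user does something that sends a request to the server.
    noteUserActivity() {
      if (!ended) lastActivity = lastContact = now();
    },
    // Call on a coarse timer; returns what it did so callers can log it.
    tick() {
      if (ended) return "ended";
      const t = now();
      if (t - lastActivity >= MAX_IDLE_MS) {
        ended = true;       // stop extending an unattended session
        redirectToLogin();
        return "ended";
      }
      if (t - lastContact >= KEEPALIVE_AFTER_MS) {
        ping();             // proactive call on the user's behalf
        lastContact = t;
        return "ping";
      }
      return "idle";
    },
  };
}

// Browser wiring (skipped outside a browser).
if (typeof window !== "undefined") {
  const ka = createKeepAlive({
    now: () => Date.now(),
    ping: () => fetch("/session/keepalive", { method: "POST", credentials: "same-origin" }),
    redirectToLogin: () => window.location.assign("/login"),
  });
  document.addEventListener("submit", () => ka.noteUserActivity());
  setInterval(() => ka.tick(), 30 * 1000);
}
```

The server-side 20-minute timeout remains the actual control; this client code only decides when to extend it and when to stop.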

I think this answer is the right way to go:

In javascript, how can I uniquely identify one browser window from another which are under the same cookiedbased sessionId

Set a unique window id:

window.windowIdClient = "{978d-478ahjff-3849-dfkd-38395434}"; //or another randomly generated id.

Store that windowId in the database, along with the ip-address and the session-id. If those three do not match then the user is logged out.

In addition, if didn't think of TJ Crowder's option, I use it myself.
