3

I am developing one aspnet application in that i am using Sessions. if user login into the application and click on logout here i am closing session.

suppose if the user doesn't click on the logout and he close the browser. how to kill the session when user closed the browser without logout

Cœur
  • 37,241
  • 25
  • 195
  • 267
kumar
  • 1,117
  • 13
  • 34
  • 58
  • Rippo,what wrong in my asking questions Is there any mistake? – kumar May 26 '10 at 06:39
  • Nothing wrong in asking questions, I salute you, although if people go to the trouble to answer then it makes sense to at least accept some as the correct answer. Also it helps other S.O. users find answers to common questions, after all it is a community driven site! – Rippo May 26 '10 at 06:45
  • Excellent, hope you get a good answer, maybe you can revisit some of your old questions and accept answers there! :) – Rippo May 26 '10 at 07:10

3 Answers3

7

Very difficult task:

  • use sessions with very smalll timeout /you will have expiration/

  • use hidden script/iframe to ping server /you will have connection/

  • handle onunload event in window /can be bypassed/

Code sample:

window.onunload = function ()  
{    
    if((window.event.clientX<0) && (window.event.clientY<0)) {

       window.open("logoff.aspx");                  
    }    
}
Fredrik Mörk
  • 155,851
  • 29
  • 291
  • 343
blazzerbg
  • 36
  • 3
  • +1 I have used `window.onunload` before but still found some problems esp with bots, mobile devices etc. In the end I changed my business logic. – Rippo May 26 '10 at 06:28
3

There is no way your application can know that the user has closed the browser. Session will be closed based on Session.Timeout

If the user does not refresh or request a page within the time-out period, the session ends.

user348382
  • 83
  • 4
1

You can define what should happen when a Session expires in Global.asax.cs.

protected void Session_End(Object sender, EventArgs e)
{
    // Do stuff here...
}

Edit: There is no way for the web server to know that you have closed a web browser.

Johan Olsson
  • 715
  • 11
  • 22
  • 1
    You cannot guarantee this will ***ALWAYS*** work as a application recycle will not fire this event. Also note is that Session_End is fired only in InProc (in-process) mode. – Rippo May 26 '10 at 06:25