Click here to Skip to main content
15,034,331 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi, My application works on windows authentication, how to kill the session when user closes the window?
Posted
Comments
Volynsky Alex 11-Aug-12 9:08am
   
Try read about your question here:
http://www.liferay.com/community/forums/-/message_boards/message/2948770
http://stackoverflow.com/questions/1921941/close-kill-the-session-when-the-browser-or-tab-is-closed
http://stackoverflow.com/questions/1371757/how-to-kill-a-application-session-when-a-browser-window-is-closed

Shortly: you can not.

As web applications use http, and http is stateless, you can not know for sure what happens on client side, since there is no connection between client and server. The only thing that can be used to keep track of it is the session. And the session is kept by the server as long as it was set up to be kept, or the application is closing it.
So if you want to close the session, you have to initiate it from the server. Thus the server side part of your application has to be notified about browser closure. Deleting the session cookie on client side won't close the session on server side.
You might try to catch events like leaving your site, closing a browser window, but this is only part of the situations how the user could leave your application: might loose network connection, kill the browser, browser might crash, and so on. These event will be never caught by your application. Thus you can not rely on client side.
Although you can use the normal events, but be aware, that there is no guarantee, that these will arrive on server side. Read this article: Window Close Event of Browser[^]
What you also can do:
- optimize session timeout
- give a countdown timer to the user and warn him, if time is running out (and do an ajax postback if user wants to continue)
- do automatic keepalive postbacks (be careful not to use this if slow or expensive connection is in place)
- encourage the user to log out
   
v2
Read this[^].
   
You can create an asmx web service file and put a class in it simliar to this:
C#
[System.Web.Script.Services.ScriptService]
public class Clearing : System.Web.Services.WebService
{
        [WebMethod(EnableSession = true)]
        public bool KillSession()
        {
                HttpContext.Current.Session.Clear();
                return true;


        }
}

Then, on your page
XML
<asp:ScriptManagerProxy ID="smp1" runat="server">
                <Services>
                        <asp:ServiceReference Path="NameOfYourAsmxFile.asmx" />
                </Services>
        </asp:ScriptManagerProxy>

And finally, in javascript from your onunload function:
ret = Clearing.KillSession(OnKillSessionComplete, OnServiceError, OnServiceError);
   
Immediately you can not clear the session, whatever you can try, try them but nothing will work.

Only thing you can do is, add code in you global.ascx file's Onsession_End add the code to clear what ever you want to clear.
   
VB
HttpContext.Current.Session.Abandon()
   
v2

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900