Click here to Skip to main content
14,883,063 members
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more: , +
Hi All,

Am using Angular 10 along with Web API. We are using SAML authentication process and so we are just feeding the credentials to SAML while logging in and the rest is being taken care by SAML. It means that the session is also being created by SAML.

While logging out, we are calling a url being provided by SAML to end the session:
JavaScript
this.document.location.href = String.Format(environment.EndSessionUrl,this.idToken,this.globalVariables.LogoutUrl);

EndSessionUrl : "https://sam.samexternal.net:443/sso/oauth2/connect/endSession?&id_token_hint={0}&post_logout_redirect_uri={1}

Now, while closing the browser, I cannot be able to clear localStorage and end the session.

What I have tried:

I have to perform three things on browser close:
1) set "false" in database column
2) clear localStorage
3) end the session

Here is what I did:

JavaScript
@HostListener('window:beforeunload')
    onBeforeUnload(): void {
      debugger;
      if (localStorage.getItem("LoggedInUserSubId")!=null)  {

      fetch('http://localhost:60606/api/Auth/updateUserLogInStatus?userSubId=' + localStorage.getItem("LoggedInUserSubId") + '&logInStatus=false', {
        keepalive: true,
        method: 'POST',
        headers: {
          'Content-Type': 'application/json; charset=utf-8',
        },
        //body: JSON.stringify(infoIWantToSent),
      })
        .then(response => {
          localStorage.removeItem("LoggedInUserSubId");
          this.document.location.href = String.Format(environment.EndSessionUrl,this.idToken,this.globalVariables.LogoutUrl);
        });
    }
    }


With this code, I can be able to set "false" in database column.
But, the localStorage still remains and session still remains active and when user try to login again, it doesn't ask for login credentials anymore as the session is active.

Please help with some ideas that might work in this scenario.

-- Thanks
Posted
Updated 2-Dec-20 23:28pm
v2

1 solution

You cannot redirect the user to another page in the beforeunload event. If you could, every malicious site on the net would use that tactic to prevent you from leaving their site - as soon as you try to close the browser or tab, or navigate away from the page, the site would open itself again.

You may also have issues making an asynchronous request from the beforeunload event. Again, if the script has to wait for the server to respond, a malcious site could request a particularly long-running request and force you to stay on the page for longer. You might want to consider using sendBeacon in the unload event instead:
Navigator.sendBeacon() - Web APIs | MDN[^]
   
v2
Comments
Member 11072126 6-Dec-20 19:26pm
   
Thanks @Richard - I will try this and let you know if it works.
Member 11072126 7-Dec-20 8:04am
   
@Richard Deeming
Hi, I read through sendBeacon() and what I understood is that this is used to send some data on page unload. In my case, am able to update data in my database using fetch but cannot be able to end the session on browser close. since am using SAML authentication, so the session is being created by them and I cannot be able to end the session on browser close.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900