Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > ending sessions when browser is closed

Reply
Thread Tools

ending sessions when browser is closed

 
 
Jennifer Smith
Guest
Posts: n/a
 
      01-14-2004
We have an environment running ASP on IIS5, where a user
logs in via an ASP login page and an entry is made to the
database recording the users login time and a database
session. If the user then clicks the logout link, the
database is update with their logout time and unlocks
their account by removing the database session.

The problem lies when the user closes the browser ("X").

When this happens, the IIS session is terminated, which is
okay, but the database does not get updated and their
database session is not removed. We have another process
which will then come along and remove inactive database
sessions after 10 minutes of inactivity. So, during this
period of time, the user would not be aloud to log back
in. I am trying to find a way to capture this scenario so
that I can make a call down to the database to force their
account to logout, hence removing the database session.

Any ideas whatsoever would be greatly appreciated.
 
Reply With Quote
 
 
 
 
Mark Schupp
Guest
Posts: n/a
 
      01-14-2004
From what I have seen in this group there is no reliable way to capture the
end of session when the user closes the browser.

you could modify your login function so that if it detects an active session
for the user attempting to log in:
tell the user that they have a session active
ask if they want to terminate that session and login again

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com


"Jennifer Smith" <(E-Mail Removed)> wrote in message
news:01cd01c3dac3$897526e0$(E-Mail Removed)...
> We have an environment running ASP on IIS5, where a user
> logs in via an ASP login page and an entry is made to the
> database recording the users login time and a database
> session. If the user then clicks the logout link, the
> database is update with their logout time and unlocks
> their account by removing the database session.
>
> The problem lies when the user closes the browser ("X").
>
> When this happens, the IIS session is terminated, which is
> okay, but the database does not get updated and their
> database session is not removed. We have another process
> which will then come along and remove inactive database
> sessions after 10 minutes of inactivity. So, during this
> period of time, the user would not be aloud to log back
> in. I am trying to find a way to capture this scenario so
> that I can make a call down to the database to force their
> account to logout, hence removing the database session.
>
> Any ideas whatsoever would be greatly appreciated.



 
Reply With Quote
 
 
 
 
Dan Boylett
Guest
Posts: n/a
 
      01-14-2004

"Peter Foti" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> > for the user attempting to log in:
> > tell the user that they have a session active
> > ask if they want to terminate that session and login again

>
> Of course, that would be a bad idea from a security point of view.


depends how its implemented - if every user has a unique ID/password/IP
address then I dont see why it would be a risk... the person logging on
should be the same person who logged off surely, or am I missing something
obvious? (Highly likely!)



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cookieless Sessions (Sessions Without Cookies) and Security scottymo ASP .Net Security 3 09-29-2006 11:00 PM
How can I prevent Sessions from ending just because the browser window is closed Christian Blackburn ASP .Net 8 06-21-2006 07:38 PM
Ending sessions when running in cookieless mode? Lauchlan M ASP .Net Security 0 10-07-2003 12:38 AM
Opera - .closed not accessible if window is closed? Matt Kruse Javascript 5 09-09-2003 01:27 AM
Re: Relationship between IIS Sessions and ASP.NET Sessions? Ken Cox [Microsoft MVP] ASP .Net 1 08-08-2003 03:22 PM



Advertisments