We have an environment running ASP on IIS5, where a user
logs in via an ASP login page and an entry is made to the
database recording the users login time and a database
session. If the user then clicks the logout link, the
database is update with their logout time and unlocks
their account by removing the database session.
The problem lies when the user closes the browser ("X").
When this happens, the IIS session is terminated, which is
okay, but the database does not get updated and their
database session is not removed. We have another process
which will then come along and remove inactive database
sessions after 10 minutes of inactivity. So, during this
period of time, the user would not be aloud to log back
in. I am trying to find a way to capture this scenario so
that I can make a call down to the database to force their
account to logout, hence removing the database session.
Any ideas whatsoever would be greatly appreciated.
5  2421 
From what I have seen in this group there is no reliable way to capture the
end of session when the user closes the browser.
you could modify your login function so that if it detects an active session
for the user attempting to log in:
tell the user that they have a session active
ask if they want to terminate that session and login again
--
Mark Schupp
Head of Development
Integrity eLearning www.ielearning.com
"Jennifer Smith" <an*******@discussions.microsoft.com> wrote in message
news:01****************************@phx.gbl... We have an environment running ASP on IIS5, where a user
logs in via an ASP login page and an entry is made to the
database recording the users login time and a database
session. If the user then clicks the logout link, the
database is update with their logout time and unlocks
their account by removing the database session.
The problem lies when the user closes the browser ("X").
When this happens, the IIS session is terminated, which is
okay, but the database does not get updated and their
database session is not removed. We have another process
which will then come along and remove inactive database
sessions after 10 minutes of inactivity. So, during this
period of time, the user would not be aloud to log back
in. I am trying to find a way to capture this scenario so
that I can make a call down to the database to force their
account to logout, hence removing the database session.
Any ideas whatsoever would be greatly appreciated.
"Jennifer Smith" <an*******@discussions.microsoft.com> wrote in message
news:01****************************@phx.gbl... We have an environment running ASP on IIS5, where a user
logs in via an ASP login page and an entry is made to the
database recording the users login time and a database
session. If the user then clicks the logout link, the
database is update with their logout time and unlocks
their account by removing the database session.
The problem lies when the user closes the browser ("X").
When this happens, the IIS session is terminated, which is
okay, but the database does not get updated and their
database session is not removed. We have another process
which will then come along and remove inactive database
sessions after 10 minutes of inactivity. So, during this
period of time, the user would not be aloud to log back
in. I am trying to find a way to capture this scenario so
that I can make a call down to the database to force their
account to logout, hence removing the database session.
Any ideas whatsoever would be greatly appreciated.
Unfortunately, there's no reliable way to do it. You could try using
Session_OnEnd() event, but that's not reliable either. Note, that the
behavior you describe above is not really that bad. I have some credit card
websites that will do the same thing to me if I don't logout. They usually
display a message notifying the user that the open session will
automatically close after X number of minutes (in other words, try back in a
few minutes).
You could try storing a cookie on the client, but I don't think I would
recommend that option.
Regards,
Peter Foti
"Mark Schupp" <ms*****@ielearning.com> wrote in message
news:uZ**************@tk2msftngp13.phx.gbl... From what I have seen in this group there is no reliable way to capture
the end of session when the user closes the browser.
you could modify your login function so that if it detects an active
session for the user attempting to log in:
tell the user that they have a session active
ask if they want to terminate that session and login again
Of course, that would be a bad idea from a security point of view.
Regards,
Peter Foti
"Peter Foti" <pe***@Idontwantnostinkingemailfromyou.com> wrote in message
news:10*************@corp.supernews.com... for the user attempting to log in:
tell the user that they have a session active
ask if they want to terminate that session and login again
Of course, that would be a bad idea from a security point of view.
depends how its implemented - if every user has a unique ID/password/IP
address then I dont see why it would be a risk... the person logging on
should be the same person who logged off surely, or am I missing something
obvious? (Highly likely!)
"Dan Boylett" <ms*******@crossdata.co.uk> wrote in message
news:eW*************@tk2msftngp13.phx.gbl...
"Peter Foti" <pe***@Idontwantnostinkingemailfromyou.com> wrote in message
news:10*************@corp.supernews.com... for the user attempting to log in:
tell the user that they have a session active
ask if they want to terminate that session and login again
Of course, that would be a bad idea from a security point of view.
depends how its implemented - if every user has a unique ID/password/IP
address then I dont see why it would be a risk... the person logging on
should be the same person who logged off surely, or am I missing something
obvious? (Highly likely!)
For the most part, you are correct... the average Joe would not know the
next guys username info and the person logging on *should* be the same
person. The problem, though, is that a hacker could be trying to gain
access to the system, and if it ended your session every time he tried to
login with your username, then that would be bad. It's a very small
security risk, but a risk none the less.
Regards,
Peter This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Theo |
last post by:
Question for the group
The authentication system for the site Im working on seems to function
properly and all is good. A session keeps track of everything and a
cookie is used to accept or deny...
|
by: Bartosz Wegrzyn |
last post by:
I need help with sessions.
I createt set of web site for nav with authorization.
first I go into main.php which looks like this:
<?php
//common functions
include_once '../login/common.php';...
|
by: Darrin J Olson |
last post by:
I am trying to end a session for a site without having to completely close
the browser to end it.
When I access the site and log in it works fine. If I log out and in with a
different account...
|
by: Pavils Jurjans |
last post by:
Hello, I have a couple of unclear questions about ASP.NET sessions:
First, I'd like to have some way to see how many sessions currently are
running on the certain application, and, possibly, have...
|
by: newbie |
last post by:
My application_end event in global.asax is not working as-is. In order
to debug, I want to call it from another file, say debug.aspx through a
button, e.g. "end application". How do I call...
| | |
by: Atte André Jensen |
last post by:
Hi
I'm developing a site where I'd like to store information during a users
visit. So far I've been using sessions, but as far as I can tell it's
not possible to control for how long a session...
|
by: Christian Blackburn |
last post by:
Hi Gang,
I would like to have my application retain sessions even after the user
closes their browser window, up unil the time the session is supposed
to time out. Right now if the user closes...
|
by: Atli |
last post by:
Introduction:
Sessions are one of the simplest and more powerful tools in a web developers arsenal. This tool is invaluable in dynamic web page development and it is one of those things every...
|
by: jheines |
last post by:
I am trying to explain how cookies and sessions work in a class I teach, but I have hit a wall when it comes to the interaction between cookies and the state of the privacy settings in Internet...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| | |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
| |
