Hi
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that initiates
the closure, or the server?
Thanks
Kev
8  1830 
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk... I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?
Totally untrue. If you want to make sure that a session is closed, you need
to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
facility which tears down the session. The server is simply waiting to
respond to requests from clients - it cannot know when a browser has been
closed.
Do a Google search - this topic has been discussed ad nauseum... http://www.thescripts.com/forum/thread321607.html
"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj******** ********@TK2MSF TNGP03.phx.gbl. .. "Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?
Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.
Thank you for clarifying my thoughts, when I first heard it I immediately
said "How does the server know the client closed the browser?", silenced
followed......
Cheers
Kev
"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj******** ********@TK2MSF TNGP03.phx.gbl. .. "Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?
Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.
Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open my
login session has gone.
What's happening here?
Thanks
Kev
"Mantorok" <ma******@manto rok.com> wrote in message
news:e3******** **@newsfeed.th. ifl.net... Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open
my login session has gone.
What's happening here?
Opening the browser again causes a new session to be created.
"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oy******** ******@TK2MSFTN GP05.phx.gbl... "Mantorok" <ma******@manto rok.com> wrote in message
news:e3******** **@newsfeed.th. ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores
my login in a session variable, however when I close the browser and
re-open my login session has gone.
What's happening here?
Opening the browser again causes a new session to be created.
Aha, thanks.
Kev
Covering a few items in this thread:
Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.
The way this works is through a session cookie, or server cookie. Even users
with normal cookies off can get these. There are some older browsers that
see both types of cookies as the same. And, yes, an industrious user can
refuse server cookies, as well. But it is rare.
When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and close
the browser 100 times, you have 100 sessions until they time out, but you
cannot get to any for which you have closed the browser.
Another interesting topic. If you open a new browser instance using Control
+ N, both connect to the same session. If you use the menu, you have two
different sessions. Cool, eh?
Remember, the web is stateless, so it has no clue what the user is doing.
--
Gregory A. Beamer
*************** *************** *************** ****
Think Outside the Box!
*************** *************** *************** ****
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk... Hi
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?
Thanks
Kev
Cowboy,
Very good.
How? an industrious user can
refuse server cookies, as well. But it is rare.
more details please thanks for the education
SA
"Cowboy (Gregory A. Beamer)" <No************ @comcast.netNoS pamM> wrote in
message news:ee******** ******@TK2MSFTN GP04.phx.gbl... Covering a few items in this thread:
Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.
The way this works is through a session cookie, or server cookie. Even
users with normal cookies off can get these. There are some older browsers
that see both types of cookies as the same. And, yes, an industrious user
can refuse server cookies, as well. But it is rare.
When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and
close the browser 100 times, you have 100 sessions until they time out,
but you cannot get to any for which you have closed the browser.
Another interesting topic. If you open a new browser instance using
Control + N, both connect to the same session. If you use the menu, you
have two different sessions. Cool, eh?
Remember, the web is stateless, so it has no clue what the user is doing.
--
Gregory A. Beamer
*************** *************** *************** ****
Think Outside the Box!
*************** *************** *************** ****
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk... Hi
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?
Thanks
Kev
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Jim |
last post by:
The dreaded Session state :-)
All, Just to give a little background this is reagarding an ASP 3.0
application running on IIS6 using the default app pool.
I have set the session timeout to 540 minutes in IIS (under options tab in
Application configuration). There is no code in the Session_OnStart or
Session_OnEnd in the global.asa. Via an include file, each page executes
these no-cache related code:
Response.Buffer = True
|
by: Tim Meagher |
last post by:
I am trying to use Forms Authentication for a web page with cookies and a
session state. I'm getting a little confused about how to use both and how
the timeouts work. My goal is to have a web page that uses forms
authentication with login info stored in a database, but also to use some
session info during the course of the application. It used to be that when
my cookie expired, the next time a hit anything on the web page I would...
|
by: Craig Storey |
last post by:
I have a form where users logged in using sessions can edit articles in
a WYSIWYG editor. Some of them take their time and don't like to save
their work very often and occassionally the sessions expire and their
work goes poof. (I've suggested editing off-line and simply copy+paste
but they prefer the editor.)
After a lot of searching I've found the main culprit is
session.gc_maxlifetime and I can set it longet like...
...
|
by: Mikel Astiz |
last post by:
Hi,
I am looking for a simple way to detect session ends so I can update a
session table. I am new to PHP and don't understand how such event can be
handled, since there seems not to be a corresponding overridable function.
I've found 'register_shutdown_function', but apparently it detects
connection breaks while the page is being loaded (I'm not sure though).
I supose it will always be possible to control timeouted sessions by...
|
by: Justin Dutoit |
last post by:
Hey. What is the best practice for dealing with session state timeouts in a
web app? eg Session_OnEnd Sign them out, so they redirect to Login on the
next request.
Also, for lower security situations, like a home shopping site used from a
secure home environment, how long should the session timeout be?
Cheers
Justin Dutoit
| | |
by: mircu |
last post by:
Hi,
I need a quick solution to make my application behave correctly when one
of these timeouts occurs. I have some logic in session_start but when
the authentication cookie timeouts the user is redirected to login page
and after successful login the session is not started. I'd like to have
one timeout and when it occurs the user must login and then the new
session is started. TIA.
Regards,
mircu
|
by: - Steve - |
last post by:
I use forms based authentication and I've been putting the username in
Session State (Session).
Then when a user posts I check that Session != null else I
Session.Abandon() and Response.Redirect("logon.aspx") since that seems like
a graceful way to handle timeouts, session state losses (bin directory was
updated for example).
This doesn't seem like a reliable way to do it though. I get weird things
happening like SOMETIMES if I close...
|
by: Joseph Byrns |
last post by:
I have written a shopping cart type web application using session variables
to store the shopping cart details (with a timeout of 59 minutes).
Originally my timeout was set to the default 20 minute timeout, but I was
finding that people could take longer than 20 minutes between pages. So my
question is, what are peoples recommendations here, should I continue using
the session variables or should I adopt a cookie approach and store...
|
by: Fraijo |
last post by:
how can i disable session timeouts without affecting any program codings?
|
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= |
last post by:
I tried:
<sessionState timeout="1">
</sessionState>
bounced IIS, and after 1 minute still had a session.
???
--
thanks - dave
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
