473,396 Members | 2,052 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > session timeouts

Join Bytes to post your question to a community of 473,396 software developers and data experts.

Session timeouts

Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that initiates
the closure, or the server?

Thanks
Kev
May 10 '06 #1
8 1799
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you need
to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
facility which tears down the session. The server is simply waiting to
respond to requests from clients - it cannot know when a browser has been
closed.

Do a Google search - this topic has been discussed ad nauseum...
http://www.thescripts.com/forum/thread321607.html
May 10 '06 #2

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj****************@TK2MSFTNGP03.phx.gbl...
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Thank you for clarifying my thoughts, when I first heard it I immediately
said "How does the server know the client closed the browser?", silenced
followed......

Cheers
Kev
May 10 '06 #3

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj****************@TK2MSFTNGP03.phx.gbl...
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open my
login session has gone.

What's happening here?

Thanks
Kev
May 10 '06 #4
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open
my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.
May 10 '06 #5

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oy**************@TK2MSFTNGP05.phx.gbl...
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores
my login in a session variable, however when I close the browser and
re-open my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.


Aha, thanks.

Kev
May 10 '06 #6
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Aha, thanks.


http://www.google.com/search?sourcei...2+IsNewSession
May 10 '06 #7
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even users
with normal cookies off can get these. There are some older browsers that
see both types of cookies as the same. And, yes, an industrious user can
refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and close
the browser 100 times, you have 100 sessions until they time out, but you
cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using Control
+ N, both connect to the same session. If you use the menu, you have two
different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev

May 10 '06 #8
Cowboy,

Very good.

How? an industrious user can
refuse server cookies, as well. But it is rare.

more details please thanks for the education

SA
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamM> wrote in
message news:ee**************@TK2MSFTNGP04.phx.gbl...
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even
users with normal cookies off can get these. There are some older browsers
that see both types of cookies as the same. And, yes, an industrious user
can refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and
close the browser 100 times, you have 100 sessions until they time out,
but you cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using
Control + N, both connect to the same session. If you use the menu, you
have two different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev


May 10 '06 #9
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
Session Timeout
by: Jim | last post by:
The dreaded Session state :-) All, Just to give a little background this is reagarding an ASP 3.0 application running on IIS6 using the default app pool. I have set the session timeout to 540...
ASP / Active Server Pages
1
Cookies, Session State, and Multiple users
by: Tim Meagher | last post by:
I am trying to use Forms Authentication for a web page with cookies and a session state. I'm getting a little confused about how to use both and how the timeouts work. My goal is to have a web...
.NET Framework
3
session timeout suggestions wanted
by: Craig Storey | last post by:
I have a form where users logged in using sessions can edit articles in a WYSIWYG editor. Some of them take their time and don't like to save their work very often and occassionally the sessions...
PHP
9
session ends
by: Mikel Astiz | last post by:
Hi, I am looking for a simple way to detect session ends so I can update a session table. I am new to PHP and don't understand how such event can be handled, since there seems not to be a...
PHP
1
Dealing with Session State timeouts
by: Justin Dutoit | last post by:
Hey. What is the best practice for dealing with session state timeouts in a web app? eg Session_OnEnd Sign them out, so they redirect to Login on the next request. Also, for lower security...
ASP.NET
2
Timeouts: session and authentication
by: mircu | last post by:
Hi, I need a quick solution to make my application behave correctly when one of these timeouts occurs. I have some logic in session_start but when the authentication cookie timeouts the user is...
ASP.NET
1
FBA & Session State
by: - Steve - | last post by:
I use forms based authentication and I've been putting the username in Session State (Session). Then when a user posts I check that Session != null else I Session.Abandon() and...
ASP.NET
7
Session or cookies
by: Joseph Byrns | last post by:
I have written a shopping cart type web application using session variables to store the shopping cart details (with a timeout of 59 minutes). Originally my timeout was set to the default 20 minute...
ASP.NET
2
Session timeouts
by: Fraijo | last post by:
how can i disable session timeouts without affecting any program codings?
ASP.NET
25
How do I change the session timeout?
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post by:
I tried: <sessionState timeout="1"> </sessionState> bounced IIS, and after 1 minute still had a session. ??? -- thanks - dave
ASP.NET
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!