By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
439,971 Members | 1,451 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 439,971 IT Pros & Developers. It's quick & easy.

Session timeouts

P: n/a
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that initiates
the closure, or the server?

Thanks
Kev
May 10 '06 #1
Share this Question
Share on Google+
8 Replies


P: n/a
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you need
to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
facility which tears down the session. The server is simply waiting to
respond to requests from clients - it cannot know when a browser has been
closed.

Do a Google search - this topic has been discussed ad nauseum...
http://www.thescripts.com/forum/thread321607.html
May 10 '06 #2

P: n/a

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj****************@TK2MSFTNGP03.phx.gbl...
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Thank you for clarifying my thoughts, when I first heard it I immediately
said "How does the server know the client closed the browser?", silenced
followed......

Cheers
Kev
May 10 '06 #3

P: n/a

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj****************@TK2MSFTNGP03.phx.gbl...
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open my
login session has gone.

What's happening here?

Thanks
Kev
May 10 '06 #4

P: n/a
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open
my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.
May 10 '06 #5

P: n/a

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oy**************@TK2MSFTNGP05.phx.gbl...
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores
my login in a session variable, however when I close the browser and
re-open my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.


Aha, thanks.

Kev
May 10 '06 #6

P: n/a
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Aha, thanks.


http://www.google.com/search?sourcei...2+IsNewSession
May 10 '06 #7

P: n/a
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even users
with normal cookies off can get these. There are some older browsers that
see both types of cookies as the same. And, yes, an industrious user can
refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and close
the browser 100 times, you have 100 sessions until they time out, but you
cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using Control
+ N, both connect to the same session. If you use the menu, you have two
different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev

May 10 '06 #8

P: n/a
Cowboy,

Very good.

How? an industrious user can
refuse server cookies, as well. But it is rare.

more details please thanks for the education

SA
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamM> wrote in
message news:ee**************@TK2MSFTNGP04.phx.gbl...
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even
users with normal cookies off can get these. There are some older browsers
that see both types of cookies as the same. And, yes, an industrious user
can refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and
close the browser 100 times, you have 100 sessions until they time out,
but you cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using
Control + N, both connect to the same session. If you use the menu, you
have two different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev


May 10 '06 #9

This discussion thread is closed

Replies have been disabled for this discussion.