473,322 Members | 1,352 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Session timeouts

Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that initiates
the closure, or the server?

Thanks
Kev
May 10 '06 #1
8 1791
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you need
to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
facility which tears down the session. The server is simply waiting to
respond to requests from clients - it cannot know when a browser has been
closed.

Do a Google search - this topic has been discussed ad nauseum...
http://www.thescripts.com/forum/thread321607.html
May 10 '06 #2

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj****************@TK2MSFTNGP03.phx.gbl...
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Thank you for clarifying my thoughts, when I first heard it I immediately
said "How does the server know the client closed the browser?", silenced
followed......

Cheers
Kev
May 10 '06 #3

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj****************@TK2MSFTNGP03.phx.gbl...
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open my
login session has gone.

What's happening here?

Thanks
Kev
May 10 '06 #4
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open
my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.
May 10 '06 #5

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oy**************@TK2MSFTNGP05.phx.gbl...
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores
my login in a session variable, however when I close the browser and
re-open my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.


Aha, thanks.

Kev
May 10 '06 #6
"Mantorok" <ma******@mantorok.com> wrote in message
news:e3**********@newsfeed.th.ifl.net...
Aha, thanks.


http://www.google.com/search?sourcei...2+IsNewSession
May 10 '06 #7
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even users
with normal cookies off can get these. There are some older browsers that
see both types of cookies as the same. And, yes, an industrious user can
refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and close
the browser 100 times, you have 100 sessions until they time out, but you
cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using Control
+ N, both connect to the same session. If you use the menu, you have two
different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev

May 10 '06 #8
Cowboy,

Very good.

How? an industrious user can
refuse server cookies, as well. But it is rare.

more details please thanks for the education

SA
"Cowboy (Gregory A. Beamer)" <No************@comcast.netNoSpamM> wrote in
message news:ee**************@TK2MSFTNGP04.phx.gbl...
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even
users with normal cookies off can get these. There are some older browsers
that see both types of cookies as the same. And, yes, an industrious user
can refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and
close the browser 100 times, you have 100 sessions until they time out,
but you cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using
Control + N, both connect to the same session. If you use the menu, you
have two different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************
"Mantorok" <sp******@spam.com> wrote in message
news:cb**************************@news.rmplc.co.uk ...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev


May 10 '06 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
by: Jim | last post by:
The dreaded Session state :-) All, Just to give a little background this is reagarding an ASP 3.0 application running on IIS6 using the default app pool. I have set the session timeout to 540...
1
by: Tim Meagher | last post by:
I am trying to use Forms Authentication for a web page with cookies and a session state. I'm getting a little confused about how to use both and how the timeouts work. My goal is to have a web...
3
by: Craig Storey | last post by:
I have a form where users logged in using sessions can edit articles in a WYSIWYG editor. Some of them take their time and don't like to save their work very often and occassionally the sessions...
9
by: Mikel Astiz | last post by:
Hi, I am looking for a simple way to detect session ends so I can update a session table. I am new to PHP and don't understand how such event can be handled, since there seems not to be a...
1
by: Justin Dutoit | last post by:
Hey. What is the best practice for dealing with session state timeouts in a web app? eg Session_OnEnd Sign them out, so they redirect to Login on the next request. Also, for lower security...
2
by: mircu | last post by:
Hi, I need a quick solution to make my application behave correctly when one of these timeouts occurs. I have some logic in session_start but when the authentication cookie timeouts the user is...
1
by: - Steve - | last post by:
I use forms based authentication and I've been putting the username in Session State (Session). Then when a user posts I check that Session != null else I Session.Abandon() and...
7
by: Joseph Byrns | last post by:
I have written a shopping cart type web application using session variables to store the shopping cart details (with a timeout of 59 minutes). Originally my timeout was set to the default 20 minute...
2
by: Fraijo | last post by:
how can i disable session timeouts without affecting any program codings?
25
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post by:
I tried: <sessionState timeout="1"> </sessionState> bounced IIS, and after 1 minute still had a session. ??? -- thanks - dave
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.