473,888 Members | 1,558 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Session timeouts

Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that initiates
the closure, or the server?

Thanks
Kev
May 10 '06 #1
8 1845
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you need
to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
facility which tears down the session. The server is simply waiting to
respond to requests from clients - it cannot know when a browser has been
closed.

Do a Google search - this topic has been discussed ad nauseum...
http://www.thescripts.com/forum/thread321607.html
May 10 '06 #2

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj******** ********@TK2MSF TNGP03.phx.gbl. ..
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Thank you for clarifying my thoughts, when I first heard it I immediately
said "How does the server know the client closed the browser?", silenced
followed......

Cheers
Kev
May 10 '06 #3

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oj******** ********@TK2MSF TNGP03.phx.gbl. ..
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?


Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.


Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open my
login session has gone.

What's happening here?

Thanks
Kev
May 10 '06 #4
"Mantorok" <ma******@manto rok.com> wrote in message
news:e3******** **@newsfeed.th. ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open
my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.
May 10 '06 #5

"Mark Rae" <ma**@markN-O-S-P-A-M.co.uk> wrote in message
news:Oy******** ******@TK2MSFTN GP05.phx.gbl...
"Mantorok" <ma******@manto rok.com> wrote in message
news:e3******** **@newsfeed.th. ifl.net...
Come to think of it - when I log in to my (internal) web-site it stores
my login in a session variable, however when I close the browser and
re-open my login session has gone.

What's happening here?


Opening the browser again causes a new session to be created.


Aha, thanks.

Kev
May 10 '06 #6
"Mantorok" <ma******@manto rok.com> wrote in message
news:e3******** **@newsfeed.th. ifl.net...
Aha, thanks.


http://www.google.com/search?sourcei...2+IsNewSession
May 10 '06 #7
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even users
with normal cookies off can get these. There are some older browsers that
see both types of cookies as the same. And, yes, an industrious user can
refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and close
the browser 100 times, you have 100 sessions until they time out, but you
cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using Control
+ N, both connect to the same session. If you use the menu, you have two
different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************** *************** *************** ****
Think Outside the Box!
*************** *************** *************** ****
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev

May 10 '06 #8
Cowboy,

Very good.

How? an industrious user can
refuse server cookies, as well. But it is rare.

more details please thanks for the education

SA
"Cowboy (Gregory A. Beamer)" <No************ @comcast.netNoS pamM> wrote in
message news:ee******** ******@TK2MSFTN GP04.phx.gbl...
Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even
users with normal cookies off can get these. There are some older browsers
that see both types of cookies as the same. And, yes, an industrious user
can refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and
close the browser 100 times, you have 100 sessions until they time out,
but you cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using
Control + N, both connect to the same session. If you use the menu, you
have two different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************** *************** *************** ****
Think Outside the Box!
*************** *************** *************** ****
"Mantorok" <sp******@spam. com> wrote in message
news:cb******** *************** ***@news.rmplc. co.uk...
Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that
initiates the closure, or the server?

Thanks
Kev


May 10 '06 #9

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

12
6412
by: Jim | last post by:
The dreaded Session state :-) All, Just to give a little background this is reagarding an ASP 3.0 application running on IIS6 using the default app pool. I have set the session timeout to 540 minutes in IIS (under options tab in Application configuration). There is no code in the Session_OnStart or Session_OnEnd in the global.asa. Via an include file, each page executes these no-cache related code: Response.Buffer = True
1
1842
by: Tim Meagher | last post by:
I am trying to use Forms Authentication for a web page with cookies and a session state. I'm getting a little confused about how to use both and how the timeouts work. My goal is to have a web page that uses forms authentication with login info stored in a database, but also to use some session info during the course of the application. It used to be that when my cookie expired, the next time a hit anything on the web page I would...
3
2813
by: Craig Storey | last post by:
I have a form where users logged in using sessions can edit articles in a WYSIWYG editor. Some of them take their time and don't like to save their work very often and occassionally the sessions expire and their work goes poof. (I've suggested editing off-line and simply copy+paste but they prefer the editor.) After a lot of searching I've found the main culprit is session.gc_maxlifetime and I can set it longet like... ...
9
1813
by: Mikel Astiz | last post by:
Hi, I am looking for a simple way to detect session ends so I can update a session table. I am new to PHP and don't understand how such event can be handled, since there seems not to be a corresponding overridable function. I've found 'register_shutdown_function', but apparently it detects connection breaks while the page is being loaded (I'm not sure though). I supose it will always be possible to control timeouted sessions by...
1
1312
by: Justin Dutoit | last post by:
Hey. What is the best practice for dealing with session state timeouts in a web app? eg Session_OnEnd Sign them out, so they redirect to Login on the next request. Also, for lower security situations, like a home shopping site used from a secure home environment, how long should the session timeout be? Cheers Justin Dutoit
2
1666
by: mircu | last post by:
Hi, I need a quick solution to make my application behave correctly when one of these timeouts occurs. I have some logic in session_start but when the authentication cookie timeouts the user is redirected to login page and after successful login the session is not started. I'd like to have one timeout and when it occurs the user must login and then the new session is started. TIA. Regards, mircu
1
1398
by: - Steve - | last post by:
I use forms based authentication and I've been putting the username in Session State (Session). Then when a user posts I check that Session != null else I Session.Abandon() and Response.Redirect("logon.aspx") since that seems like a graceful way to handle timeouts, session state losses (bin directory was updated for example). This doesn't seem like a reliable way to do it though. I get weird things happening like SOMETIMES if I close...
7
1639
by: Joseph Byrns | last post by:
I have written a shopping cart type web application using session variables to store the shopping cart details (with a timeout of 59 minutes). Originally my timeout was set to the default 20 minute timeout, but I was finding that people could take longer than 20 minutes between pages. So my question is, what are peoples recommendations here, should I continue using the session variables or should I adopt a cookie approach and store...
2
363
by: Fraijo | last post by:
how can i disable session timeouts without affecting any program codings?
25
6111
by: =?Utf-8?B?RGF2aWQgVGhpZWxlbg==?= | last post by:
I tried: <sessionState timeout="1"> </sessionState> bounced IIS, and after 1 minute still had a session. ??? -- thanks - dave
0
9961
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9800
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
11182
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10778
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10886
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9597
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7990
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7148
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
2
4245
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.