ending sessions when browser is closed

Discussion in 'ASP General' started by Jennifer Smith, Jan 14, 2004.

  1. We have an environment running ASP on IIS5, where a user
    logs in via an ASP login page and an entry is made to the
    database recording the users login time and a database
    session. If the user then clicks the logout link, the
    database is update with their logout time and unlocks
    their account by removing the database session.

    The problem lies when the user closes the browser ("X").

    When this happens, the IIS session is terminated, which is
    okay, but the database does not get updated and their
    database session is not removed. We have another process
    which will then come along and remove inactive database
    sessions after 10 minutes of inactivity. So, during this
    period of time, the user would not be aloud to log back
    in. I am trying to find a way to capture this scenario so
    that I can make a call down to the database to force their
    account to logout, hence removing the database session.

    Any ideas whatsoever would be greatly appreciated.
     
    Jennifer Smith, Jan 14, 2004
    #1
    1. Advertising

  2. Jennifer Smith

    Mark Schupp Guest

    From what I have seen in this group there is no reliable way to capture the
    end of session when the user closes the browser.

    you could modify your login function so that if it detects an active session
    for the user attempting to log in:
    tell the user that they have a session active
    ask if they want to terminate that session and login again

    --
    Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com


    "Jennifer Smith" <> wrote in message
    news:01cd01c3dac3$897526e0$...
    > We have an environment running ASP on IIS5, where a user
    > logs in via an ASP login page and an entry is made to the
    > database recording the users login time and a database
    > session. If the user then clicks the logout link, the
    > database is update with their logout time and unlocks
    > their account by removing the database session.
    >
    > The problem lies when the user closes the browser ("X").
    >
    > When this happens, the IIS session is terminated, which is
    > okay, but the database does not get updated and their
    > database session is not removed. We have another process
    > which will then come along and remove inactive database
    > sessions after 10 minutes of inactivity. So, during this
    > period of time, the user would not be aloud to log back
    > in. I am trying to find a way to capture this scenario so
    > that I can make a call down to the database to force their
    > account to logout, hence removing the database session.
    >
    > Any ideas whatsoever would be greatly appreciated.
     
    Mark Schupp, Jan 14, 2004
    #2
    1. Advertising

  3. Jennifer Smith

    Dan Boylett Guest

    "Peter Foti" <> wrote in message
    news:...
    > > for the user attempting to log in:
    > > tell the user that they have a session active
    > > ask if they want to terminate that session and login again

    >
    > Of course, that would be a bad idea from a security point of view.


    depends how its implemented - if every user has a unique ID/password/IP
    address then I dont see why it would be a risk... the person logging on
    should be the same person who logged off surely, or am I missing something
    obvious? (Highly likely!)
     
    Dan Boylett, Jan 14, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ken Cox [Microsoft MVP]

    Re: Relationship between IIS Sessions and ASP.NET Sessions?

    Ken Cox [Microsoft MVP], Aug 8, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    5,425
    Luther Miller
    Aug 8, 2003
  2. Christian Blackburn
    Replies:
    8
    Views:
    455
    Christian Blackburn
    Jun 21, 2006
  3. Lauchlan M

    Ending sessions when running in cookieless mode?

    Lauchlan M, Oct 7, 2003, in forum: ASP .Net Security
    Replies:
    0
    Views:
    116
    Lauchlan M
    Oct 7, 2003
  4. Matt Kruse
    Replies:
    5
    Views:
    336
    Richard Cornford
    Sep 9, 2003
  5. Replies:
    3
    Views:
    143
Loading...

Share This Page