Session cookie? Browser instance cookie?

[Ben]

Hi, I'm sending out a session cookie. That is a cookie that has no
expiration date. When I surf through the site, no problems, but if I close
the browser and open it back up, the cookie is still there if other browser
windows were open. Even if those windows didn't go to the site with the
cookie or spawn from the browser that is visiting the site. This is causing
a problem. People want to be able to close the browser to logout.

How can I achive this in asp.net? Basically if they close the browser that
was at the site, I want that cookie gone. The cookie persisting across
browsers that haven't touched the site seems odd...

If I close all open browsers, the cookie is finally destroied.

TIA,
Ben

 

[John Saunders]

Hi, I'm sending out a session cookie. That is a cookie that has no
expiration date. When I surf through the site, no problems, but if I close
the browser and open it back up, the cookie is still there if other browser
windows were open. Even if those windows didn't go to the site with the
cookie or spawn from the browser that is visiting the site. This is causing
a problem. People want to be able to close the browser to logout.

How can I achive this in asp.net? Basically if they close the browser that
was at the site, I want that cookie gone. The cookie persisting across
browsers that haven't touched the site seems odd...

Sorry, this isn't an ASP.NET issue, it's a browser issue. In the case of IE,
if you launch one copy of IE, then use it to create several other windows
(using Ctrl-N, for instance), then they are all running in the same process,
and they share cookies. If you launch a separate process, it will not share
the cookies of the first one. This may work differently with different
browsers, but I'd expect many if not most to share cookies.

You might consider using hidden form fields instead of cookies.

 

[Ben]

Sorry, this isn't an ASP.NET issue, it's a browser issue. In the case of IE,
if you launch one copy of IE, then use it to create several other windows
(using Ctrl-N, for instance), then they are all running in the same process,
and they share cookies. If you launch a separate process, it will not share
the cookies of the first one. This may work differently with different
browsers, but I'd expect many if not most to share cookies.

You might consider using hidden form fields instead of cookies.

I don't remember this being an issue in asp. Maybe it was. I'll have to
test with sessions. I didn't think sessions worked like that. Maybe I can
store a session id with the cookie.

 

[Steven Cheng[MSFT]]

Thanks for John's informative suggestions.

Hi Ben,

I think John's suggestions are quite correct and you may done some simple
tests to confirm this.
A simple way is enable the ASP.NET page's Trace and view the cookie
collection.
1.If we use Ctrl-N to start multi browsers when an exsiting IE is started,
they'll share cookies and Also use the
same session(since sessionId bedefault is stored in cookie)

2. IF we lanuch a new IE browser instance, they won't share the cookies(not
persistent or set expire) and will use a
new sessionID if it visit the same application

In addition, the most important is such behavior is diffferent for
different browsers. Thanks.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Get Preview at ASP.NET whidbey
http://msdn.microsoft.com/asp.net/whidbey/default.aspx