Session timeouts

[Mantorok]

Hi

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true? If so, is this the browser that initiates
the closure, or the server?

Thanks
Kev

 

[Mark Rae]

I've just been told that closing your browser closes your session on the
web-site you are viewing, is this true?

Totally untrue. If you want to make sure that a session is closed, you need
to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
facility which tears down the session. The server is simply waiting to
respond to requests from clients - it cannot know when a browser has been
closed.

Do a Google search - this topic has been discussed ad nauseum...
http://www.thescripts.com/forum/thread321607.html

 

[Mantorok]

Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.

Thank you for clarifying my thoughts, when I first heard it I immediately
said "How does the server know the client closed the browser?", silenced
followed......

Cheers
Kev

 

[Mantorok]

Totally untrue. If you want to make sure that a session is closed, you
need to provide a mechanism for a user to initiate it i.e. some sort of
"Log out" facility which tears down the session. The server is simply
waiting to respond to requests from clients - it cannot know when a
browser has been closed.

Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open my
login session has gone.

What's happening here?

Thanks
Kev

 

[Mark Rae]

Come to think of it - when I log in to my (internal) web-site it stores my
login in a session variable, however when I close the browser and re-open
my login session has gone.

What's happening here?

Opening the browser again causes a new session to be created.

 

[Mantorok]

Opening the browser again causes a new session to be created.

Aha, thanks.

Kev

 

[Mark Rae]

Aha, thanks.

http://www.google.com/search?source...5-48,GGLG:en&q="Session.Abandon"+IsNewSession

 

[Cowboy \(Gregory A. Beamer\)]

Covering a few items in this thread:

Closing your browser does nothing on the server. The server still waits
until timeout to get rid of the session. And, opening a browser creates a
new session. This means you now have two sessions, but you are only
connected to the newest session.

The way this works is through a session cookie, or server cookie. Even users
with normal cookies off can get these. There are some older browsers that
see both types of cookies as the same. And, yes, an industrious user can
refuse server cookies, as well. But it is rare.

When you open the browser, it will not reuse a server cookie, even if the
session has not timed out. This is for security purposes. So, it creates a
new connection and gets a new server cookie (session). If you open and close
the browser 100 times, you have 100 sessions until they time out, but you
cannot get to any for which you have closed the browser.

Another interesting topic. If you open a new browser instance using Control
+ N, both connect to the same session. If you use the menu, you have two
different sessions. Cool, eh?

Remember, the web is stateless, so it has no clue what the user is doing.

--
Gregory A. Beamer

*************************************************
Think Outside the Box!
*************************************************

 

[MSDN]

Cowboy,

Very good.

How? an industrious user can
refuse server cookies, as well. But it is rare.

more details please thanks for the education

SA