Session timeouts

Discussion in 'ASP .Net' started by Mantorok, May 10, 2006.

  1. Mantorok

    Mantorok Guest

    Hi

    I've just been told that closing your browser closes your session on the
    web-site you are viewing, is this true? If so, is this the browser that initiates
    the closure, or the server?

    Thanks
    Kev
     
    Mantorok, May 10, 2006
    #1
    1. Advertisements

  2. Mantorok

    Mark Rae Guest

    Totally untrue. If you want to make sure that a session is closed, you need
    to provide a mechanism for a user to initiate it i.e. some sort of "Log out"
    facility which tears down the session. The server is simply waiting to
    respond to requests from clients - it cannot know when a browser has been
    closed.

    Do a Google search - this topic has been discussed ad nauseum...
    http://www.thescripts.com/forum/thread321607.html
     
    Mark Rae, May 10, 2006
    #2
    1. Advertisements

  3. Mantorok

    Mantorok Guest

    Thank you for clarifying my thoughts, when I first heard it I immediately
    said "How does the server know the client closed the browser?", silenced
    followed......

    Cheers
    Kev
     
    Mantorok, May 10, 2006
    #3
  4. Mantorok

    Mantorok Guest

    Come to think of it - when I log in to my (internal) web-site it stores my
    login in a session variable, however when I close the browser and re-open my
    login session has gone.

    What's happening here?

    Thanks
    Kev
     
    Mantorok, May 10, 2006
    #4
  5. Mantorok

    Mark Rae Guest

    Opening the browser again causes a new session to be created.
     
    Mark Rae, May 10, 2006
    #5
  6. Mantorok

    Mantorok Guest

    Aha, thanks.

    Kev
     
    Mantorok, May 10, 2006
    #6
  7. Mantorok

    Mark Rae Guest

    Mark Rae, May 10, 2006
    #7
  8. Covering a few items in this thread:

    Closing your browser does nothing on the server. The server still waits
    until timeout to get rid of the session. And, opening a browser creates a
    new session. This means you now have two sessions, but you are only
    connected to the newest session.

    The way this works is through a session cookie, or server cookie. Even users
    with normal cookies off can get these. There are some older browsers that
    see both types of cookies as the same. And, yes, an industrious user can
    refuse server cookies, as well. But it is rare.

    When you open the browser, it will not reuse a server cookie, even if the
    session has not timed out. This is for security purposes. So, it creates a
    new connection and gets a new server cookie (session). If you open and close
    the browser 100 times, you have 100 sessions until they time out, but you
    cannot get to any for which you have closed the browser.

    Another interesting topic. If you open a new browser instance using Control
    + N, both connect to the same session. If you use the menu, you have two
    different sessions. Cool, eh?

    Remember, the web is stateless, so it has no clue what the user is doing.

    --
    Gregory A. Beamer

    *************************************************
    Think Outside the Box!
    *************************************************
     
    Cowboy \(Gregory A. Beamer\), May 10, 2006
    #8
  9. Mantorok

    MSDN Guest

    Cowboy,

    Very good.

    How? an industrious user can
    refuse server cookies, as well. But it is rare.

    more details please thanks for the education

    SA
     
    MSDN, May 10, 2006
    #9
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.