Killing session value in Browser Close

Question

I am working in C#.Net. I want to kill the session values when the browser is closed. (i.e) In my application, i want to display online visitors count. If the user clicks logout button means, it works fine. rather than if he close the browser, the session value not cleared.

if the browser close is done, the session value should be killed....

My Global.ascx code...

void Application_Start(object sender, EventArgs e)
{
    // Code that runs on application startup      
    Application["OnlineUsers"] = 0;
}

void Application_End(object sender, EventArgs e)
{
    //  Code that runs on application shutdown
}

void Application_Error(object sender, EventArgs e)
{
    // Code that runs when an unhandled error occurs
}

void Session_Start(object sender, EventArgs e)
{
    Application.Lock();
    Application["OnlineUsers"] = (int)Application["OnlineUsers"] + 1;
    Application.UnLock();
}

void Session_End(object sender, EventArgs e)
{
    Application.Lock();
    Application["OnlineUsers"] = (int)Application["OnlineUsers"] - 1;
    Application.UnLock();
}

My Home.aspx code...

 Visitors online: <%= Application["OnlineUsers"].ToString() %>

If i run my application in IE, the online count will be 1. If i runs in Firefox, the online count should be incresed to 2. If i close the Firefox browser, the count in IE should be changed to 1.

This is my Requirement....

Answer 1

I did this in my .net app for IE, when user click browser right up corner X button, I want to force user logout. Hope that helps.

In master page:

 <script type="text/javascript">
    window.onbeforeunload = function (e) {
        //alert("Killing the session on the server!!");
        if ((window.event.clientX < 0) || (window.event.clientY < 0)) {
            document.getElementById('<%= FORCE_LOGOUT_BTN.ClientID %>').click();
        }
    } 
</script>

In .net site.master page:

<asp:Button ID="FORCE_LOGOUT_BTN" runat="server" CssClass="noShow"OnClick="ForceLogOut" Width="10px" />

Have to use CssClass, set Visible=false not working, since object will become null. Css noShow is: visibility:hidden;

In site.master.cs

public void ForceLogOut(object sender, EventArgs e)
{
    FormsAuthentication.SignOut(); // since I use Form authentication
    Session.Abandon();
}

Answer 2

if (!Session.IsNewSession && Request.UrlReferrer == null)
{

 }

if we type or paste url, this code will redirect to login page

Answer 3

The Http protocol is a connectionless one, so unless you are planning to use websockets, the only two ways to kill the user session should be by a direct request by the user (i.e. pressing a logout link), or a session timeout.

You should not rely on the browser to kill the session. The user can forget to close the browser, or he may have javascript disabled. Instead, provide means to the user to close the session and set your session timeout to a reasonable value adjusted to your users activity.

Answer 4

How about this:

<body onunload="doUnload()">

Then the javascript, would be something like:

function doUnload()
{
   $.post("unset_session.php", { action: "unset" },
         function(data) {
         // Callback if wanted
    });
}

Then in your php, just unset the session data, or destroy the session

<?php
if ($_POST['action'] == 'unset')
{
     // Unset or Destroy the Session
     session_destroy();
}

?>

Answer 5

You could trigger javascript, like this:

<SCRIPT language="JavaScript">
<!--
function loadOut()
{
    window.location="http://www.yoursite.com/loadout.php?sid=235346317";
}
//-->
</SCRIPT>

<body onBeforeUnload="loadOut()">

Your javascript could perform an AJAX call, or whatever. This will also work, I think, when the user leaves your site.

Is this what you were searching for?