Session is still active after user closes the browser tab - auto logs in again

0
0

Doing some testing – it looks like if you login, use the app, close the browser tab.

Then, open a new tab and go to the site’s URL – it automatically brings up the app and bypasses the login page.

I can see this as being an issue on a  machine that is shared by multiple users. Or, even worse – when an unauthorized user navigates to the site on a machine where the previous user just closed the tab page.

 

Is there any way to at least have the login page come back up ? I don’t mind the session hanging around for a while, that’s a good thing if they lost connection i guess.

  • You must to post comments
0
0

Session cookies are deleted when the browser is closed. Closing a tab is the same hitting refresh for the browser. There is no type of cookie that is removed when closing a browser tab. This same behavior is present with ASP.NET/MVC when using the ASP.NET session.

With Wisej you can change it in two ways:

  • Clear the session cookie when the tab is closed by adding:

<script>
window.onunload = function () {
document.cookie = “Wisej.SessionId=;”;
}
</script>

The downside is that a simple refresh will also delete the cookie and create a new session.  Adding an argument to the URL will also be perceived by the brower as a tab being closed so the session will be lost as well with the code above.

  • Add “cookieless”:true to Default.json.

Wisej will add the session id to the URL and ignore the cookie. A refresh will preserve the session. Closing the tab will lose it.

 

 

  • You must to post comments
Showing 1 result
Your Answer

Please first to submit.