Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 20 April 2002 : 14:10:21
|
Anyone know how to abandon a session if the browser window is closed? Thanks!
Nikkol |
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 20 April 2002 : 14:56:41
|
That looks a bit difficult on the client side... You can terminate a session with the Session.abandon method, but that is server side. Maybe it would be possible to catch the window's close event for the browser window and, using JavaScript, invoke a script executing the Server.Abandon method and then close this new window? Is this feasible? I don't know if you can catch the browser's close event and delay the closing long enough to invoke another page...
------------------------------------------------- Installation Guide | Do's and Dont's | MODs |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 20 April 2002 : 15:07:24
|
That's exactly what I was wondering. I'm thinking of using Cookies instead. What I'm trying to do is this:
I have a folder with Basic Authentication turned on and a file inside that folder that will show certain things for the user that authenticated (call it test.asp).
I have a link on a page OUTSIDE that folder that opens a new window to display test.asp. Now of course, the authentication box pops up and the user enters their username and password. The page displays if they entered their user credentials properly.
Here's the problem: if the user closes the window and clicks the link again, the browser remembers that they had authenticated and displays test.asp again. I want to be able to force authentication again.
Any ideas?
Nikkol |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 20 April 2002 : 15:11:38
|
Here's what I had when I tried using sessions. It worked okay except if the user clicked the link again before the session timed out it redisplayed the page again without having to re-authenticate:
Session.TimeOut = 5
if Session("UserAuth") <> "authorized" then
    Response.Status = "401 Access Denied"
    Response.Addheader "WWW-Authenticate","Basic"
    Response.Flush
end if
Session("UserAuth") = "authorized"
Nikkol |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 20 April 2002 : 15:22:06
|
Well Nikkol, you can definitely use the onUnload event to detect the browser window being closed.
Uum... Had to change this because I hadn't seen your last post. Maybe you can set a cookie value in the event handler for the Unload event and use that in your page...
------------------------------------------------- Installation Guide | Do's and Dont's | MODs
Edited by - ruirib on 20 April 2002 15:26:15 |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 20 April 2002 : 15:24:59
|
quote:
What I don't get is how could cookies be used for what you want. The authentication process is automatically initiated by the browser. How could the value of a cookie be used to start that again?
Same way as I was trying to do with the Session (see my last post).
Nikkol |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 20 April 2002 : 19:26:22
|
You may also find Response.IsClientConnected handy.
It works better in ASP3 as you don't need to send a response.write to the client first, but it's still usable in ASP2 to determine whether or not the client has changed pages, or disconnected in some other way.
Perhaps generate your own session keys also so you can keep track of who's just started a new browser session.
www.daoc-halo.com |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 20 April 2002 : 21:25:53
|
Gremlin, I'm not sure that will work in my case. Basically, I've got a popup window that requires authentication. When the user closes the window and then opens it again, the browser "remembers" the user credentials, and I don't want it to.
Nikkol |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 21 April 2002 : 02:31:12
|
Do you have access to the global.asa file ?
www.daoc-halo.com |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 21 April 2002 : 09:57:10
|
Yes, and I thought about that, but I've never messed with global.asa.
Nikkol |
|
|
Doug G
Support Moderator
USA
6493 Posts |
Posted - 21 April 2002 : 15:41:54
|
quote:
Gremlin, I'm not sure that will work in my case. Basically, I've got a popup window that requires authentication. When the user closes the window and then opens it again, the browser "remembers" the user credentials, and I don't want it to.
Nikkol
If your users are authenticating to the web server because they need OS permissions to view a file or folder, I don't think there is a way to "clean out" the credentials from the browser without closing it. I saw some code once that will force a new authentication dialog by using an HTTP header.
If your user credentials are like the Snitz ones, a username and password stored from a db and stored in a session variable, you may be able to figure out some client script that will clear the session when a page is left by the user. Otherwise you're probably stuck with waiting for a session to timeout before the session data is gone.
I don't think there is a solution in global.asa. You can put code for a session_onend event there but by that time you don't need to do anything else to destroy the session object.
====== Doug G ====== |
|
|
Nikkol
Forum Moderator
USA
6907 Posts |
Posted - 21 April 2002 : 15:53:19
|
Thanks Doug. I think I'll just set the TimeOut to a low number and just wait for it. The problem though is that the authentication box will come up again, but if you hit the cancel button, it lets you back in under the previously authenticated user. grr.
Nikkol |
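Added example, not part of the thread and not any poster's code: a JavaScript model of the session-flag challenge posted above, showing why Cancel still displays the page (Response.Flush does not end the script, so the page is sent as the 401 body and the flag is set anyway), next to a variant that stops at the challenge. The session/request objects, the `challenged` flag and the function names are assumptions made for the illustration.

```javascript
// Added illustration (not from the thread). The session and request objects
// are constructed stand-ins for ASP's Session and the incoming request.
const PAGE = "report for the authenticated user";

// The posted logic: Response.Flush does not stop the script, so execution
// falls through, the flag is set, and the page is written after the 401 header.
function postedFlow(session) {
  const res = { status: 200, headers: {}, body: "" };
  if (session.userAuth !== "authorized") {
    res.status = 401;
    res.headers["WWW-Authenticate"] = "Basic";
  }
  session.userAuth = "authorized"; // set even though nobody answered the prompt
  res.body = PAGE;                 // the rest of test.asp still renders
  return res;
}

// Hardened variant: end the response at the challenge (Response.End in ASP)
// and mark the session only on the request that answers it.
function hardenedFlow(session, req) {
  if (session.userAuth !== "authorized") {
    if (!(session.challenged && req.authorization)) {
      session.challenged = true; // hypothetical flag: a challenge is pending
      return { status: 401, headers: { "WWW-Authenticate": "Basic" }, body: "" };
    }
    session.challenged = false;
    session.userAuth = "authorized";
  }
  return { status: 200, headers: {}, body: PAGE };
}

// What the user sees after pressing Cancel: the browser renders the 401 body.
function shownOnCancel(res) {
  return res.status === 401 ? res.body : null;
}
```

Browsers resend cached Basic credentials on later requests, so the hardened variant keeps the page out of the Cancel view but does not by itself force a fresh prompt.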
|
|