I have a method I need to run on Session_end. Is there any way I can ensure the code runs when a user closes his browser? This may be a dup queston. I saw one response doing a call to ajax unload or something, but I don't want this to fire everytime a user navigates away from a page, just when they close their browser.
Thanks,
~ck
Simple answer: You can't control user's browser. The AJAX solution you mentioned is the closest you can achieve (without a plugin/custom client.) Imagine some Web site could track every time you opened and closed your browser window. Don't you think it would be a privacy issue?
The truth lies in the stateless nature of HTTP. The Web server is out of the picture as soon as it finishes sending the response to the client. After that, all you can rely on is a client side script (which only executes because the client wants it to; and it can easily choose not to run scripts.)
Session_end is unreliable. No matter what you do.
Session_end only fires when you are using inprocess session. If you are using a session state server or SQL session, session_end does not fire.
When using in process session, session_end only fires if you have stored something in session. If you aren't using session, session_end will never fire.
If you are using session and the user closes the browser, session_end will fire when the users session times out. While it will have some of the same settings as the original session, this event will not be tied to a browser since it is the worker process detecting the session timeout and firing the session_end process.
Related
I'm confused on how the postback works in website and web application because,
I have a button and in that I have given a sleep time for about 30 seconds and in another page on the same time when I try to do any activities like, click redirect etc.
In Web application the above scenario works without any issue.
In Web Site till the button event comes out the sleep time all the other activities will be hang up.
Please explain me on this.
Thanks in advance.
If Session state is enabled, requests within the session will be processed one by one. In your case, request is not completed until button handler comes out of sleep. Other requests are waiting until first request is completed.
To enable concurrent requests you must specify EnableSessionState="ReadOnly" in ASPX file which contains button. Or just disable Session state in webconfig.
<%# Page EnableSessionState="ReadOnly" MasterPageFile="..." CodeBehind="xxx.cs" Inherits="xxx" %>
i want to fire an event in asp.net when my user session has been expired or i close browser.
actually i want to update some thing in database according to login user when he/she leave the site.
Unfortunately this question is very close to "I want to save my data after computer is turned off"... Very hard and not predictable.
Session termination events are not fired for out of process sessions
Users simply close browsers, logout or turn of machines without any cahnce to notify your site
or even worse - instead of watching ads and actively looking at your site they just leave browser open and go drink, sleep...
Or browsers can crash
Now sometimes you can try to handle unload events for browser... you may have enough time to send response sometime.
Probably most reliable solution is to have heartbeat requests from browser and mark users as active this way (in custom database/storage). Periodically check and mark all users that did not send heartbeat requests for some time...
See the session state events documentation here: http://msdn.microsoft.com/en-us/library/ms178583.aspx
I have a logout button on my site that triggers
FormsAuthentication.SignOut()
forcing the need to login again even if one uses the back button on the browser or copy/pastes the URL. However if one closes the tab by the x button of the browser and there's another tab still open, if they copy/paste the URL the page will reopen without logging in. This is a serious security problem. If the browser closed completely by closing all tabs that doesn't happen. How can I prevent returning to the URL after closing the tab even if the browser hasen't been closed completely? Is there a way of catching a javascript OnClose event that will trigger FormsAuthentication.SignOut()? I'm working in asp.net c#.
That's a browser session problem.
A browser session (in fact, the cookie which hold the session id is deleted when the browser is closed) ends only when the browser is closed. It's why you are not logout when you close only one tab without closing the whole browser.
There's no reason to logout the user when he only close a tab. This behavior is not standard on the web and users can be disoriented if you do that.
But nevermind, if you want to do that, you can write a few javascript that drop a popup to warn the user he must logout before leaving. To do that use the unload or onbeforeunload event.
Look at here to see examples :
How to create popup window when browser close
You may use javascript on window onbeforeunload event to make a call to your website and log out the user.
Wait, the user has two tabs open on your site and they click "Logout" in the one, but not in the other? Well, then they haven't really logged out - the session is still active. I see how that can be a problem. But it is not a SECURITY problem, it's just the same user that remains logged in.
Anyway, you can create, for instance, a new session variable that you fill with a value whenever the user logs in, and that you delete when the user logs out. Then in every Page_Load, check this variable, and redirect to the login page if it doesn't exist.
Might be a bit of overkill, but it's all server side and you won't need Javascript to do it.
i want to know when account logout without logout button click.
actually i want to manage dashboard. with some events like login, logout with it's activity date and time.
so if any user login so i will entry for login.
and if any user direct close browser so how can i manage logout entry in database.
You cannot reliably detect the user closing the browser or leaving the website.
The way this is typically done is by measuring inactivity period - if the user has had no activity for, say, 15 minutes, assume that he has left.
The browser will fire a clientside event when it is closing, you should then be able to send a request to your server using javascript.
But as driis said, it is not 100% reliable.
http://aspalliance.com/1294_codesnip_handle_browser_close_event_on_the_serverside
EDIT: Sorry, that article was not nearly as useful as i thought.
What is the best way to determine "user logout" on IIS server in C#/Asp.Net?
I have an application where the logged in users can initiate long running activities on the server. Those activities need to be terminated when the user logs out.
It is not a problem when the user clicks on the logout, but how do I determine that the user has logged out for example in cases like the user's browser crash, user looses his connection etc.
Make the application session timeout short and implement some kind of polling (AJAX request, for example) to the web application.
The polling takes care of maintaining the session and if the browser is closed without appropriate logout or it crashes, it ceases and the session times out soon.
This is not possible. The browser is running on a different computer, and will not inform the server when it crashes!
Some online banks like HSBC implement something like this by simply having a popup window appear after 1 minute, where no user response (e.g. clicking an OK button) closes the window and logs them out.
The technique I'd prefer is a JavaScript timer that redirects to the logout and then login page, firing an AJAX call to the server first to terminate your long running process for that user. Relying on Session End can give a bit of an annoying user experience in my view.