|
Posted by Rik Wasmus on 10/17/07 21:41
On Wed, 17 Oct 2007 23:25:06 +0200, coder <coder@coder.com> wrote:
> I have researched this but have been unsuccessful. I have a site that I
> bring up in a tab on my IE browser. I log in which sets a session
> variable.
> If I then kill that tab, open a new tab and bring up the site again, I am
> still logged in. If I open a new browser instead, then I am not logged
> on.
>
> I would like to be logged out if I kill the tab. I tried with the
> referer
> (why is it spelled this way? It should be referrer),
Historical reasons. Once it was out there it was to late to change it or
something.
> but it was empty for
> both the new session and the new tab.
'Referer' shouldn't be used for anything having to do with being logged
in/out and authentication as a whole. It's user supplied, unreliable, and
often even stripped/blocked by firewall or UA settings.
> How can I determine that this is a new session for the tab as well as the
> new browser?
You can't.
A session by default uses a cookie with a lifetime of 0, which to modern
UA's would mean 'until the browser is closed'. There is no convention to
inform the browser to delete the sessioncookie on a tab close. The only
way it will sort of work (unreliably) is to use some onunload event with
javascript. This will do you no good though, and isn't even worth a minute
of your time trying to implement it.
What is your actual problem/goal for having this kind of behaviour? Maybe
we suggest an alternate solution to your problem.
--
Rik Wasmus
[Back to original message]
|