|
Posted by coder on 10/18/07 07:56
"Rik Wasmus" <luiheidsgoeroe@hotmail.com> wrote in message
news:op.t0c2j2i45bnjuv@metallium.lan...
> On Wed, 17 Oct 2007 23:25:06 +0200, coder <coder@coder.com> wrote:
>
>> I have researched this but have been unsuccessful. I have a site that I
>> bring up in a tab on my IE browser. I log in which sets a session
>> variable.
>> If I then kill that tab, open a new tab and bring up the site again, I am
>> still logged in. If I open a new browser instead, then I am not logged
>> on.
>>
>> I would like to be logged out if I kill the tab. I tried with the
>> referer
>> (why is it spelled this way? It should be referrer),
>
> Historical reasons. Once it was out there it was to late to change it or
> something.
>
>> but it was empty for
>> both the new session and the new tab.
>
> 'Referer' shouldn't be used for anything having to do with being logged
> in/out and authentication as a whole. It's user supplied, unreliable, and
> often even stripped/blocked by firewall or UA settings.
>
>> How can I determine that this is a new session for the tab as well as the
>> new browser?
>
> You can't.
>
> A session by default uses a cookie with a lifetime of 0, which to modern
> UA's would mean 'until the browser is closed'. There is no convention to
> inform the browser to delete the sessioncookie on a tab close. The only
> way it will sort of work (unreliably) is to use some onunload event with
> javascript. This will do you no good though, and isn't even worth a minute
> of your time trying to implement it.
>
> What is your actual problem/goal for having this kind of behaviour? Maybe
> we suggest an alternate solution to your problem.
> --
> Rik Wasmus
Thank you Rik. I'll live with it this way.
[Back to original message]
|