Page 2 of 2

Posted: Sun Jun 11, 2006 2:09 pm
by alex.barylski
Oren wrote:I was talking about cookies, not session cookies.
And as far as I know, once you close the browser all sessions expire.
Server side sessions don't expire immediately upon closing of the browser, unlike session cookies...unless the session is explicitly destroyed by someone clicking logout, etc...

Didn't realized this was already disscussed :P

Anyways...sessions are *not* removed when a browser window is closed...they *must* expire over a given period of time, unlike session cookies which the browser has direct control over...

You could try and hook onbeforeclose() or whatever that event is...and during this event notify the server that the session should be removed, but this is pointless as it won't work on all browsers and requires javascript, etc...

Plus if I remember correctly you can't invoke scripts inside this event using location.href, etc...

Perhaps you could use XML HTTP Request Object, I haven't tried that yet...anyways...the point is...server sessions do indeed stay valid for sometime after a browser windows is actually closed :)

Cheers :)