发表新帖
发表新帖

Logoff User when browser tab page is closed, ASP.NET MVC

后端 未结
关注
5 417
攒了一身酷
攒了一身酷 2021-02-06 02:29

In one of the ASP.NET MVC apps we would like to logoff the user automatically if he closes the browser tab in which the app is opened.

We are using the following code wh

相关标签:
5条回答
  • 挽巷
    2021-02-06 02:48

    Actually there is no way we can LogOff the user when the user closes the browser tab. The only way for this is to check if the the user is authenticated when we call the LogOn method in the Controller.

    This code is an example of how I do it in ASP.Net MVC 3.

    public ActionResult LogOn()
        {
            if (Request.IsAuthenticated)
            {
                FormsAuthentication.SignOut();
                return RedirectToAction("Index","ProductManager");  
            }
           return View();          
        }
    0 讨论(0)
  • 时光取名叫无心
    2021-02-06 02:51

    A browser clears all Session scoped objects only when it is completely closed, and not when an individual tab is closed.

    One way could be to use a very low Session timeout and have a server-side script poll every few seconds to hit an object on the page. This will extend Session time again. So if a tab is closed, the script can't find the object thereby allowing the Session to timeout. One problem here is if your app is on a pretty high load, your app could DoS itself!

    0 讨论(0)
  • 日久生厌
    2021-02-06 02:59

    We decided to use cookie less authentication so that the authentication token is part of the url. When the tab is closed and they open the website again, they will be asked to authenticate again :)

    0 讨论(0)
  • 既然无缘
    2021-02-06 03:00

    You can simply use session variables to automatically log off anybody trying to return to the secured destination page. Create a single session variable (integer or boolean) and in the onclick event of your login button reset it to a known state after acknowledging that the user has a valid credential then set or increment that session variable in the page_load event of the page your trying to secure. Test these values and signout the user if he is trying to return to the page or do nothing if otherwise. The code may look similar to this.

    protected void btnLogin_Click(object sender, EventArgs e)
 {
         if (IsAuthenticated == true)
         Session["IsUserLoggedIn"] = (int)0;
 }

 protected void Page_Load(object sender, EventArgs e)
{
    if (HttpContext.Current.User.Identity.IsAuthenticated == true)
                {
                        if (Session["IsUserLoggedIn"] != null)
                        {
                                int IsUserLoggedIn = (int)Session["IsUserLoggedIn"];
                                if (IsUserLoggedIn <= 0)
                                {
                                        Session["IsUserLoggedIn"] = (int)IsUserLoggedIn + 1;
                                }
                                else
                                {
                                        Session["IsUserLoggedIn"] = (int)0;
                                        FormsAuthentication.SignOut();
                                        FormsAuthentication.RedirectToLoginPage();
                                }
                        }
                }
                else { Session["IsUserLoggedIn"] = (int)0; } 
        }
    0 讨论(0)
  • 谎友^
    2021-02-06 03:02

    I have not tried this myself, but I think the following approach should work:

    On the client side, you can use the OnUnload event of your document to launch a javascript function that would call your server-side signout method via ajax.

    On the server side, you should have the action method call FormsAuthentication.SignOut() and Session.Abandon();

    0 讨论(0)
 看不清?
提交回复
热议问题