发表新帖
发表新帖

Why Doesn't Closing A Tab Delete A Session Cookie?

后端 未结
关注
5 1724
野性不改
野性不改 2020-11-29 13:15

I\'m using session-based cookies with my website. To my complete surprise, I noticed if I set a session cookie (not a persistent cookie), close a tab, and then reconnect to

相关标签:
5条回答
  • 迷失自我
    2020-11-29 13:29

    This is by design and trying to change it is a very bad idea. What if a user opens a link in a new tab and closes that? Should the session in the original tab be destroyed? Of course not! This demonstrates why you should not even think about this.

    A session ends when the last browser window closes. If you want something else, you:

    1. do not want sessions;
    2. need to make your own "mini-session" infrastructure;
    3. are probably in for a world of hurt and bugs.
    0 讨论(0)
  • 余生分开走
    2020-11-29 13:36

    The session cookie is per-process not per window. So even if you selected New Window you'd still get the same session id. This behavior makes sense. You wouldn't want a user to re-sign in each time they opened a new window while browsing your site.

    I'm not aware off hand of any real way around this.

    0 讨论(0)
  • 走了就别回头了
    2020-11-29 13:42

    You can also write a javascript that detects when a tab is closed and delete the cookie in the javascript

    0 讨论(0)
  • 再見小時候
    2020-11-29 13:51

    Session web storage can be used instead of cookies if you need to depend on tab closure.

    0 讨论(0)
  • 心在旅途
    2020-11-29 13:53

    I found a work around.

    I'm working in ASP.NET C#. I have a Master Page for all the pages of the site except for the Login page. In the Master Page Sever Page Load event I get the Url of the referring page and check if it contains the root of the the site, if not I redirect to the Login page and since it doesn't have that Master Page it displays.

    This works if I try to get to a page from another site or if I enter the Url to the address box of the browser. So if you close the tab and you try to reenter from another tab or reopen the tab, even tho the cookie hasn't been killed you can't reenter the site without going thru Login. This works also even if you haven't closed the tab and your navigating between different sites in the same tab.

    This is the code

       if (Request.UrlReferrer == null || !Request.UrlReferrer.AbsoluteUri.ToString().Contains("root"))
        {
            Response.Redirect("~/Account/Login.aspx");
        }

    When navigating from within the site there's no problem even if you open a link to another page in the site to another tab it opens.

    If you want to be additionally sure you can kill the session and authentication cookie in that if clause before redircting to the Login page.

    This won't work when a user navigated to another site in the same tab and presses the browsers back to button because that works on cache and doesn't automatically send a request to the server.

    So this doesn't kill the session or authentication cookie on closing the tab, but it can help prevent reentering the site without logging in after closing the tab.

    0 讨论(0)
 看不清?
提交回复
热议问题