Ending Session on Revisit (in ASP)

Results 1 to 2 of 2

Thread: Ending Session on Revisit (in ASP)

  1. #1
    Join Date
    Dec 1969

    Default Ending Session on Revisit (in ASP)

    I&#039;ve been struggling with managing sessions that have not been properly closed. After some research, I&#039;ve come to the conclusion that there really is no elegant way to close a session on browser close. The methods suggested out there include using a pop-up window to close the session etc... (which is ugly and for some reason my onUnload doesn&#039;t trigger anyways.) In other words, it seems that you pretty much have to wait for the session to timeout. (Please correct me if I&#039;m wrong.)<BR><BR>So I&#039;ve been trying to reset the session when a user revisits instead. The reason I&#039;m so concerned with closing the previously opened session is because the application I&#039;m creating is very database intensive. If the session is not closed properly because the user closed the browser before logging out or the user&#039;s system crashes, and this user returns to run another query, an error occurs because the database is locked for that session until the session times-out.<BR><BR>Since ASP creates a session tied to a particular computer I thought maybe executing Session.Abandon when the user first enters the site might work. But it doesn&#039;t.<BR><BR>Can some please tell me how to either close a session when the user exits without logging out or close it when the user revisits and his/her previous session hasn&#039;t timed out yet. I open to all suggestions... including using a pop-up window if someone can tell me why the onUnload() doesn&#039;t work. (onBeforeUnload() works and onUnload works if I take out the javascripts for my dhtml menus that are loaded right after the &#060;body&#062; tag -- weird)<BR><BR><BR>A GREAT BIG PRE-THANKS to anyone who might be able to offer some help.<BR><BR>MJL

  2. #2
    Join Date
    Dec 1969

    Default Pretty easy...

    Have a table in the DB that associates username with Session.SessionID. Have a field there that records "lastPageHit" or "lastChange" or whatever you want on per user basis.<BR><BR>When a user logs in and gives username, check that table to see if (a) this is the same session.sessionID and (b) if that "lastPageHit" was more than NN minutes ago.<BR><BR>If (b) is true, then forget (a) and just accept this user, UPDATEing the sessionid and "lastPageHit" fields.<BR><BR>If (b) is false (it&#039;s only been 5 minutes?) and (a) is true, then tell the user:<BR> Either you or someone else is still logged in under this username.<BR> Do you wish to log that other user or session off and start a new one?<BR>If he/she says yes, then force the session.sessionid to change and happiness. <BR><BR>The presumption here is that if a person is stupid enough to give out his/her username and password then he/she deserves to get kicked off if somebody answers "yes" to that question.<BR><BR>You could also manage all this stuff in Application variables, simulating DB usage, of course.<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts