Solved

kill session

Posted on 2005-04-05
13
Medium Priority
526 Views
Last Modified: 2008-02-01
hi,
If I log in to the web-based application, it inserts the userid into a database table (a little bit of user tracking).
I also have a logout page; when you click on it, it will update the table for that particular user.

But when you click the X of the IE browser, it will not update the table, because you don't log out nicely via the logout page or logout button.

So my question is: how can I kill the session even if I click on the X of the IE browser?
Does somebody have any idea?
Please advise.
kisoen

Question by:klm67097
13 Comments
 
LVL 5

Expert Comment

by:dr_binks
ID: 13712117
Well, I'm assuming you are using session vars, so you could simply say in global.asa:

Sub Session_OnEnd
      'I dunno, something like this:
      Session("loggedin") = False
      Session("username") = ""
      'something like that, depending on what your session vars are called
End Sub

hope that helps

~Binks
0
 
LVL 15

Expert Comment

by:babuno5
ID: 13713428
you could also use

sub Session_OnEnd
Session.abandon()
end sub
0
 
LVL 14

Expert Comment

by:kiddanger
ID: 13715034
You don't have to do anything.  The session will timeout on its own based on the Session.Timeout, default 20 minutes.
If you want it to run something, like logging when they logged out, then you can use Session_OnEnd and show the session timed out instead of them logging off.

There is no way to determine if the user has left in ASP as far as I know.  I think in .NET, Java, you can use client.isConnected but you would have to do that on a regular basis and seems like too much overhead.
0
 
LVL 14

Expert Comment

by:kiddanger
ID: 13716937
BTW... client.isConnected only shows if they're connected, not when they leave.  The client has to inform you they're leaving and it doesn't.
0
 

Author Comment

by:klm67097
ID: 13718567
Hi,
Should you do it in GLOBAL.ASA?
I have a logout.asp page where the
Session.abandon()
end sub

is mentioned.
Is it not possible that the logout page runs when you click the X on the IE browser?
See my global.asa.
Please advise.
Kisoen

Sub Application_OnEnd
End Sub

Sub Session_OnStart
      Session.Timeout = 20
      Session("Start") = Now

      ' Count this visit and use the running total as the visitor ID.
      Application.Lock
      Application("visits") = Application("visits") + 1
      intTotal_visitors = Application("visits")
      Application.Unlock
      Session("VisitorID") = intTotal_visitors

      ' One more active session.
      Application.Lock
      Application("Active") = Application("Active") + 1
      Application.Unlock
End Sub

Sub Session_OnEnd
      Dim update__MMColParam
      ' Fall back to "1" when the session holds no user name.
      update__MMColParam = "1"
      If (Session("svusername") <> "") Then update__MMColParam = Session("svusername")

      Set conn = Server.CreateObject("ADODB.Connection")
      conn.Open Application("connString")

      ' Update the record when the user logs out and write the logout time,
      ' plus set the user as OFFLINE.
      ' Single quotes in the user name are doubled before it goes into the SQL string.
      query = "UPDATE tblActiveusers SET LoggedOut = now(), Online = 1 "
      query = query & "WHERE Online = 0 AND Username = '" & Replace(update__MMColParam, "'", "''") & "'"

      conn.Execute (query)
      conn.Close
      Set conn = Nothing

      ' One less active session.
      Application.Lock
      Application("Active") = Application("Active") - 1
      Application.Unlock
End Sub
0
 
LVL 14

Expert Comment

by:kiddanger
ID: 13724084
Yes, as babuno5 first suggested.  Put it at the very end of Session_OnEnd
I don't see Session.Abandon in your global.asa.

If I wanted to see if my users were logging out vs timing out, then I'd create a logout.asp page for logouts and do the same in the global.asa specifying it was a timeout.  If I saw a pattern, I may then send out an email to my users that didn't log out and ask them to please log out to help recover server resources.
0
 
LVL 5

Expert Comment

by:RogerSTHLM
ID: 13727714
The solutions mentioned here won't work completely.

If you have an "online flag" in your database and do the following...

in a loginpage....
update tblActiveUsers set online=1 ....... where......

and in session_onend
update tblActiveUsers set online=0....... where....

If the following scenario happens....
1. I log in
2. I close my browser
3. I log in BEFORE first session has ended
...session_onend will fire while surfing "online" (3. above) and your db thinks you are logged out, but you aren't.

You need to save something unique in your db per session, for example sessionid. Like this

in a loginpage
update tblActiveUsers set online=1, lastID=[aspcode: session.sessionID]..... where.....

and in session_onend
update tblActiveUsers set online=0...... where lastID=[aspcode: session.sessionID] and.....

In the scenario above, in 3. you will set a new "lastID" so the flag won't be set to 0 when the first session ends.

Cheers
R
0
 

Author Comment

by:klm67097
ID: 13730879
hi,

OK, but how do I create a sessionID and store it in the database? Via ASP?

Yes, I like this scenario, but how do I do that?
please advise or show me the direction

gr. kisoen




0
 
LVL 14

Expert Comment

by:kiddanger
ID: 13733104
Roger...

Session_OnEnd will fire and show the old session timed out, which is what did happen.  When the person connects again, they have a new session.  They won't be logged out when that event fires unless he tells Session_OnEnd to run through a logout process, which would be a bad idea.

It will still be accurate as that session did time out and the new session will go through the same procedure, logout or timeout.  He asked how to kill a session when someone closes their browser and that's just not possible.
0
 
LVL 5

Expert Comment

by:RogerSTHLM
ID: 13733896
kiddanger....
I'm not sure I understand you correctly, but I'll give it a try.... You write "He asked how to kill a session when someone closes their browser and that's just not possible". You are absolutely right. You cannot kill the session at this specific time. BUT! This session WILL end after x minutes and its session_onend WILL fire. And the user "Session("svusername")" will be set to offline even if he has logged in again. This is the problem I tried to add to this discussion.

klm67097....
If you use asp, you get the sessionId simply by using session.sessionID. Add a field to hold the "last logged in sessionID" to the database and use it the way I suggested above.

Cheers
Roger
0
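RogerSTHLM's three-step scenario and his lastID fix, replayed as an added example that is not part of the thread: it models the two Session_OnEnd updates in Python with an in-memory SQLite table instead of ASP/ADO so that it runs anywhere. The user name, session IDs and function names are constructed for the example; Online = 1 means logged in, as in his post.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblActiveUsers (Username TEXT PRIMARY KEY, "
               "Online INTEGER NOT NULL DEFAULT 0, lastID INTEGER)")
    db.execute("INSERT INTO tblActiveUsers (Username) VALUES ('kisoen')")  # constructed user
    return db

def login(db, username, session_id):
    # Login page: mark the user online and remember which session did it.
    db.execute("UPDATE tblActiveUsers SET Online = 1, lastID = ? WHERE Username = ?",
               (session_id, username))

def session_end_naive(db, username, session_id):
    # Session_OnEnd keyed on the user name only: any expiring session clears the flag.
    cur = db.execute("UPDATE tblActiveUsers SET Online = 0 WHERE Username = ?",
                     (username,))
    return cur.rowcount

def session_end_guarded(db, username, session_id):
    # Session_OnEnd keyed on user name AND lastID: a stale session matches no row.
    cur = db.execute("UPDATE tblActiveUsers SET Online = 0 "
                     "WHERE Username = ? AND lastID = ?", (username, session_id))
    return cur.rowcount

def is_online(db, username):
    row = db.execute("SELECT Online FROM tblActiveUsers WHERE Username = ?",
                     (username,)).fetchone()
    return bool(row[0])

def replay(session_end):
    """Replay the scenario; return (online after stale end, online after current end)."""
    db = make_db()
    login(db, "kisoen", 1001)        # 1. log in (session 1001)
                                     # 2. browser closed: the server sees nothing
    login(db, "kisoen", 1002)        # 3. log in again before session 1001 times out
    session_end(db, "kisoen", 1001)  # the old session finally times out
    after_stale = is_online(db, "kisoen")
    session_end(db, "kisoen", 1002)  # the current session ends later
    return after_stale, is_online(db, "kisoen")

if __name__ == "__main__":
    print("username only:    ", replay(session_end_naive))
    print("username + lastID:", replay(session_end_guarded))
```

Both updates bind the user name and session ID as query parameters rather than concatenating them into the SQL string.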
 
LVL 14

Expert Comment

by:kiddanger
ID: 13742753
Hi Roger...

Thanks for your message.  I understand your approach and I don't disagree with it if the Session_OnEnd is to log someone out.  However I read:

"If i login into the webbased application it insert the userid into a database table (little bit user tracking)\
I have also a logout page when click on this it will update the table of the particular user"

To me, that means he's tracking when they login and when they logout.  He wanted to end the session and update his database showing they had left.  We both agree that cannot be achieved.  He appears to be wanting ONLY to update the database to know when they left.

The way I see it, he already has what he needs in the database.  What he needs is something in the Session_OnEnd that will determine when they left, IF they time out instead of logging out.  To achieve this, I would do the following:

If the session timed out, and sessions were set to 20 minutes, I would take the current time and subtract 20 minutes.

I don't see him wanting to control someone's logout, just track it.  He wanted the session to end when the browser closes to get an accurate date/time when they left.  I think what I suggested will solve that since you cannot determine if they have just closed their browser.

I'm also willing to concede I may have misunderstood the original question but that's how I took it.

From looking at his code:

"And the user "Session("svusername")" will be set to offline even if he has logged in again."

...is incorrect.  He's only logging when they logged out, he's not destroying the session variable.  However, he could have:

login date/time
login date/time
logout date/time
logout date/time

If he does track the session ID also, rather than just the username, he will know which logout to associate with which login.  It is my understanding the server tracks the session by sessionID and even if multiple sessions had session variables with the same value, it wouldn't affect a different session.  The session variable would be destroyed but only for the original session, not the next one, even if they came back before the original was destroyed.

I read it like:

sessionID:session(var)
sessionID: session(var2)

etc.
0
 
LVL 5

Accepted Solution

by:
RogerSTHLM earned 75 total points
ID: 13744151
kiddanger,

Yep. I think we just misunderstood each other. In his example he manipulated some sort of loggedOut flag in his data source in session_onend. That's "caused my warning".

Time to party in Sthlm city. Over and out.
R
0
 

Author Comment

by:klm67097
ID: 13766806
So thanks, guys.
It seems it can't be solved,
so I have to explain to the users that they have to use the logout button instead of closing the browser.

Thanks, guys.
kisoen
0


Question has a verified solution.
