Making sure user logs out of web application

Posted on 2009-04-24
Last Modified: 2013-11-07
I have a web application use membership services.   The have to be logged in to get to certain pages.  But how can I make sure that if they leave this certain folder with secure pages and go to another web site or even other pages that we have at our website,  they are logged off and all session variables used during that secure connection is cleared.

Question by:mgmhicks
    LVL 19

    Expert Comment

    Session variables can be cleared in two ways
    The user explicitly does something to log off - like clicking on a log off button.
    Otherwise the session will timeout when no new requests are made within a set time - typically 10 minutes. In that case then the session data will be cleared.
    You cannot force someone to explicitly logoff, hence the session timeout architecture.
    LVL 26

    Accepted Solution

    its very difficult to implement
    because web is stateless and once the information is sent to the client the server does not know about the client till the time the request comes back to the server again
    thats why sessions are maintained on the server and after some time they are cleared out

    it will be very hard to capture when the user navigates to another site from the same web browser window or closes the window but you can clear out the session details when the user navigates away to the unsecure part of your website

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
    It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now