How to log him out if he does not click "Logout"?

A

antonyliu2002

I know this has been asked many times. I searched a little bit, but
could not get a good solution.

I am using form authentication for my small web application.

I know that I can easily log out a user by using
FormsAuthentication.SignOut() and Session.Abandon().

But this will depend on the user's clicking the "Logout" button.

What if he simply closes the browser? It is said that our Web server
has no way of knowing whether the client browser is closed or not.

So, how do we logout a user if he closes the browser instead of
clicking the "Logout" button?

This is the part of my web.config that reinforces the authentication:

<authentication mode="Forms">
<forms name="Auth" loginUrl="/index.aspx" protection="All"
timeout="30" >
<credentials passwordFormat="Clear">
<user name="user1" password="passwd4user1" />
<user name="user2" password="passwd4user2" />
</credentials>
</forms>
</authentication>

The 30 minutes' timeout does not work. Currently a user is logged in
the entire day if he does not click the "Logout" button and signs out.
He remains logged in even if he closes all of his browser windows and
relaunches the browser. How to fix this please?

Thanks.
 
D

David Thielen

Hi;

I believe the timeout works (I am not an expert on this) but that the user
can then be logged back in using a cookie created the first time. This cookie
auto-login can be turned off.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,969
Messages
2,570,161
Members
46,708
Latest member
SherleneF1

Latest Threads

Top