ASP. NET solution to automatic logout of Forms authentication Close Window

According to msdn and most of the information on the Internet, there are two methods to trigger the session_end event during automatic logout, one is session. abandon (), the other is to close all windows and wait for the timeout of the session to expire. The former one is reliable, but you need to manually execute the logout operation. The latter is not so reliable. After the timeout operation is passed, there will be no changes. You can wait for a moment, some people say it is a bug, so I have not studied it in depth.

So how can we disable the window and automatically log out? There are several points to note here.
1. The formsauthenticationticket class is used in login. Refer to the msdn method:

Code
Dim Ticket As Formsauthenticationticket =   New Formsauthenticationticket ( 1 ,_
Struserid ,_
Datetime. Now ,_
Datetime. Now. addminutes ( 1 ),_
True ,_
Struserdata ,_
Formsauthentication. formscookiepath)
' Encrypt the ticket.
Dim Encticket As   String   = Formsauthentication. Encrypt (ticket)
' Create the cookie.
Response. Cookies. Add ( New Httpcookie (formsauthentication. formscookiename, encticket ))
Response. Redirect (formsauthentication. getredirecturl (struserid, true ))

Here, I manually write the login information into the cookie, which is a little troublesome. Note that my timeout time is 1 minute. In this way, the next visit to the page will automatically go to the login window, regardless of whether you were successful at the previous time.

2. Create an endsession. ASPX page, disable page caching, and there is only one row in itCodeSession. Abandon (), which I will not elaborate on.

3. Add the following JavaScript on your home page or master page:

Code
< Script Language = " Javascript " Type = " Text/JavaScript " >
Function Window. onUnload ()
{
If (Event. clientx <   0   && Event. clienty <   0 ) // Mouse is out of work space
Endsession ();
}

Function Endsession ()
{
Createxmlhttprequest ();
XMLHTTP. Open ( " Get " , " <% = SESSION ( " Serverbaseurl " ) %>/Security/endsession. aspx? Math =' "   + Math. Random () +   " ' " , True );
XMLHTTP. Send ( Null );
}

Function Createxmlhttprequest ()
{
XMLHTTP = False ;
Try
{
XMLHTTP = New XMLHttpRequest ();
}
Catch (E)
{
VaR Xmlhttpversions =   New Array ( " Msxml2.xmlhttp. 6.0 " ,
" Msxml2.xmlhttp. 5.0 " ,
" Msxml2.xmlhttp. 4.0 " ,
" Msxml2.xmlhttp. 3.0 " ,
" Msxml2.xmlhttp " ,
" Microsoft. XMLHTTP " );
For ( VaR I = 0 ; I < Xmlhttpversions. Length &&! XMLHTTP; I ++ )
{
XMLHTTP = New Activexobject (xmlhttpversions [I]);
}
}

If(!XMLHTTP)
Alert ("Error creating the XMLHTTPRequest object.");
Else
ReturnXMLHTTP;
}
</SCRIPT>

 

 

These are the methods I have summarized from the collected data. They may not be suitable for you.

Note that the session ("serverbaseurl") Here is the root URL of the website, followed by a random number to prevent cache operations.