In general, a session is cleared automatically when the browser is closed, but on an IIS server it takes about one minute for the session to be cleared. This can expose us to some security risks. Below I introduce a solution to this risk.
We know that a web server's Session is associated with the client browser thread. If the user closes the browser, the Session object created by the server also becomes invalid. However, with the default configuration, IIS does not expire the user's Session immediately; it usually takes about one minute. During this minute, the user's Session information is still stored in server memory, and this may cause security problems. In some special scenarios, the Session must be abandoned immediately after the page window/tab is closed.
The following is a simple method:
1. Open a new page immediately when the window is closed.
2. Abandon the Session on the new page.
Problems:
1. The pop-up window may be blocked by the browser. If you do not want a new window, you can use Ajax to send the request to the server instead.
2. If there is a server window close event, this part of server code may not be executed.
Reference code (for testing in IE):
Front-end
```html
<html>
<head>
<title>Session expired immediately after the user window is closed</title>
<script language="javascript">
// The two handlers below are alternatives; keep only one. As written,
// the second assignment replaces the first.

// Pop-up window method
window.onunload = function () {
    // Open a new page to notify the server that the Session is invalid.
    window.open('windowclose.aspx', 'windowclose');
};

// Ajax method (ActiveXObject is available in IE only)
window.onunload = function () {
    var xmlHttp = new ActiveXObject('Microsoft.XMLHTTP');
    // Notify the server that the Session is invalid with a synchronous request.
    xmlHttp.open('GET', 'windowclose.aspx', false);
    xmlHttp.send();
    alert('Thank you for using this system!'); // prompt
};
</script>
</head>
<body>
testtesttest
</body>
</html>
```
Background ASPX page
```aspx
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="WindowClose.aspx.cs" Inherits="WindowClose" %>
<%
    // Call the Session invalidation method.
    Session.Abandon();
%>
<script>
alert('Thank you for using this system!'); // prompt
// window.close(); // close the foreground page
</script>
```
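The Ajax method above depends on ActiveXObject and a synchronous request inside onunload, which works only in IE. As an added example (not code from the original page), the same notification for current browsers using the pagehide event and navigator.sendBeacon; installSessionTeardown and its parameters are names chosen for this example, and windowclose.aspx is the page's own endpoint.

```javascript
// Added example: best-effort "abandon my session" notification on page close.
const ENDPOINT = 'windowclose.aspx'; // the page's own session-abandon page

// win and nav are injected (hypothetical parameter names) so the logic can
// be exercised outside a browser; in a page they are window and navigator.
function installSessionTeardown(win, nav, endpoint = ENDPOINT) {
  let sent = false; // send at most one notification per page

  function notify(event) {
    // persisted === true: the page is going into the back/forward cache
    // and may be restored, so the window has not really been closed.
    if (sent || (event && event.persisted)) return false;
    sent = true;

    // sendBeacon queues a POST (with same-origin cookies) that the browser
    // delivers even after the page is gone; it returns false if not queued.
    if (nav && typeof nav.sendBeacon === 'function' && nav.sendBeacon(endpoint)) {
      return true;
    }
    // Fallback: fetch with keepalive also outlives the page.
    if (typeof win.fetch === 'function') {
      win.fetch(endpoint, {
        method: 'POST',
        keepalive: true,
        credentials: 'same-origin',
      }).catch(() => {}); // nothing useful can be done on failure here
      return true;
    }
    sent = false; // nothing was sent
    return false;
  }

  // Like onunload, pagehide also fires when the user navigates to another
  // page, not only when the window or tab is closed.
  win.addEventListener('pagehide', notify);
  return notify;
}

// Install only when running in a browser.
if (typeof window !== 'undefined') installSessionTeardown(window, navigator);
```

Session.Abandon() does not remove the ASP.NET_SessionId cookie, so the server page should also expire that cookie if the ID must not be reused. The close notification is best-effort, so the server-side session timeout still has to bound how long an abandoned session lives.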