If we want to only let a user have one session, and we put a variable in the
cache, are there any options other that waiting for the cache to expire? For
instance can I catch the browser close event (I am sure javascript exists for
this) so I can post back to the server and clear the users session variables?
Or is this not a recommended action.

your approach only covers one scenario. What about the case where users
create a new browser window? Is this a new session or an old session?

--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------



"seal" <seal (AT) discussions (DOT) microsoft.com> wrote

Alvin
Thanks for the reply. When a user opens a new window, the old session is
used. Here is a little background if you are interested.

We got a 'request' that the users only be allowed only a single session as a
'standard'. My .02 worth said that is fine, they must use the logout button
in order for this to work or wait for the session to expire. Well that is
just not acceptable according to the powers that be, it would be a support
nightmare. I found one article that can do what we need using frames:
http://codecorner.tigernews.co.uk/co...wserClose.html. I also have some script that works catching the browser close event.
function doUnload()
{
if (window.event.clientX < 0 && window.event.clientY < 0)
{
alert("Window is closing...");
}
}

However, I cannot get this script to do exactly what I want, which is remove
a certain session varible. What are your suggestions on how to go about
implementing a single session login environment?







"Alvin Bruney - ASP.NET MVP" wrote:

one approach is to set a a querystring variable in the unload event and
force a page post.
On your page load event, read from the querystring (it serves as a flag) to
then remove the forcibly call logout

if (window.event.clientX < 0 && window.event.clientY < 0)
{
Txt.value = "true"
}

....
Page_load()
{
if(Txt.Value != null && Txt.Value == "true")
Logout();
}

roughly
--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------



"seal" <seal (AT) discussions (DOT) microsoft.com> wrote

also have some script that works catching the browser close event.

Alvin
This sounds like a great idea, however it is my understanding that the
page_unload event is very unreliable; unless I do not understand your
suggestion. The script I am using will catch a user who just closes his/her
browser

<script>
<!--
function doUnload()
{
if (window.event.clientX < 0 && window.event.clientY < 0)
{
alert("Window is closing...");
}
}
-->
</script>
<body onunload="doUnload();">
seems to work very reliably. However I am trying to find that missing piece
to replace or follow the alert button, that would either send them to a
logout function or remove their session var. Am I making any sense? Sorry ....


"Alvin Bruney - ASP.NET MVP" wrote:

Alvin
I did find something that I think works for us, but I wanted a second
opinion. Instead of using the 'alert("Window is closing...")' I replaced it
with window.open("to some logout window"). Seems a little 'hackish'?

"Alvin Bruney - ASP.NET MVP" wrote:

nope, that's acceptable as well.

--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------



"seal" <seal (AT) discussions (DOT) microsoft.com> wrote