locked
Dropping cookie value RRS feed

  • Question

  • User1510859543 posted

    We have an application with below code in the global.asax file so that a cookie is deleted when the user closes the session.  The problem that we have is that users start multiple sessions by simply opening up a new tab and starting the same application.  This allows them to jump back and forth between different pages in the application. But when they close that tab, I think it is deleting the cookie named myeecode.  Is it possible to do this only when they close all sessions of the application (e.g. close whole browser)?

        Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
            HttpContext.Current.Response.Cookies("myeecode").Expires = DateTime.Now.AddDays(-1D)
        End Sub
    

    Thursday, October 1, 2015 12:58 PM

Answers

  • User37182867 posted

    Not unless you also kept track of how many session were open as well.

    For each session_start increment a value, for each session_end decrement then when 0 delete.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, October 1, 2015 1:20 PM

All replies

  • User37182867 posted

    Not unless you also kept track of how many session were open as well.

    For each session_start increment a value, for each session_end decrement then when 0 delete.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, October 1, 2015 1:20 PM
  • User475983607 posted

    dlchase

    We have an application with below code in the global.asax file so that a cookie is deleted when the user closes the session.  The problem that we have is that users start multiple sessions by simply opening up a new tab and starting the same application.  This allows them to jump back and forth between different pages in the application. But when they close that tab, I think it is deleting the cookie named myeecode.  Is it possible to do this only when they close all sessions of the application (e.g. close whole browser)?

    Session is browser instance specific not tab - same goes for cookies.  Closing a browser tab does not delete a cookie unless the cookie is a session cookie and there was only one tab left.

    This snippet of code will will never delete a cookie...

    Sub Session_End(ByVal sender As Object, ByVal e As EventArgs)
       HttpContext.Current.Response.Cookies("myeecode").Expires = DateTime.Now.AddDays(-1D)
    End Sub

    The Session_End event is independent of the user's context.  The Response object is only active during a request it is highly unlikely that a user's Session expires while the user is making a request unless code is specifically killing the session during a request.

    Thursday, October 1, 2015 3:59 PM
  • User1510859543 posted

    What I am trying to accomplish is to delete the cookie whenever a user closes their browser or clicks a logout link using the code below.  How can I accomplish the cookie delete in either instance?  Thanks.

        Protected Sub LBtnLogout_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles LBtnLogout.Click
            Dim myCookie As HttpCookie
            myCookie = New HttpCookie("myeecode")
            myCookie.Expires = DateTime.Now.AddDays(-1D)
            Response.Cookies.Add(myCookie)
            Response.Redirect("~/BodyShopLogin.aspx")
        End Sub

    Thursday, October 1, 2015 4:07 PM
  • User475983607 posted

    dlchase

    What I am trying to accomplish is to delete the cookie whenever a user closes their browser

    There's no reliable way to do this due to how the web and browsers work.  What problem are you trying to solve?

    See the following link

    http://forums.asp.net/t/2069576.aspx?Detecting+when+a+user+exits+the+site

    Thursday, October 1, 2015 4:28 PM
  • User1510859543 posted

    It is an intranet web app and the user wants to have the cookie (myeecode) that identifies the user logged in when they close the browser.  They have some workstations that are used by multiple people so they do not want the cookie values to stay on that PC when they close the browser or logoff via the link button.

    Thursday, October 1, 2015 4:48 PM
  • User475983607 posted

    dlchase

    It is an intranet web app and the user wants to have the cookie (myeecode) that identifies the user logged in when they close the browser. 

    Well, how does the cookie get set?  How do you know the user?  Windows authentication or other?

    Thursday, October 1, 2015 5:50 PM
  • User1510859543 posted

    There is a login page. Then we lookup the various values in SQL database and set cookie values when they successfully login.

    Thursday, October 1, 2015 6:14 PM
  • User475983607 posted

    There is a login page. Then we lookup the various values in SQL database and set cookie values when they successfully login.

    Now I'm a little confused...

    The issue is the users don't log off but they always close the browser?  In that case, you could use a Session cookie where the Session contains the user's ID.  When the user logs in set the Session and the cookie to the user Id.  When the browser closes, not just closing a single tab, Session will restart killing the user's ID.  Then compare the cookie ID to the Session ID. If they are not the same redirect the user to the login page.

    Lastly, set Session to expire are some short interval maybe 5 minutes of non use.

    That's about the best you can do.  You're bound by how the web, browser, cookies, and session work.  

     

    Thursday, October 1, 2015 6:30 PM
  • User859425685 posted

    You should be using session to save the values that you do not need once the browser is closed. Cookies should be used to persist the values even if the user closes the browser or signs out. Also multiple tabs will share the same session and cookies so closing one tab will not end session in another tab, signing out in one tab  will obviously sign-out all tabs.

    Regards

    Tajinder Sarao

    Friday, October 9, 2015 10:00 AM