问题描述:

As we login stackoverflow,there's a session created between the browser and server which only expired after we manually close the browser or clean cookies. But howto doing this by a programming way on CLIENT SYSTEM during all browser behavior acts normally ? Like nothing happened and just need another login action.

Ok! just curiosity :)

I don't know if this could possibly be done .

Any tips would be appropriated. Danke!

网友答案:

No. The server has no idea when a browser closes. Because the connection between the browser and the server is stateless, when a user closes a tab or shuts down the whole application, the server is unaware of it. It doesn't even destroy the session when you "manually close the browser or clean cookies". The Session does not expire until it times out.

Sessions can be destroyed programatically (I suspect, I don't use Python), for example, when a user clicks the "Log Out" button you should be destroying their session programatically, but if they just close the tab... you can't.

Using session cookies and having relatively short session timeouts in what you should be doing. Session cookies will be orphaned by the browser when the user closes a tab or the app, so even if they open it right back up, they will need to reauthenticate. And having a short session timeout means that their sessions will not be sitting idle, taking up memory, and waiting to be hijacked on your server.

相关阅读:
Top