kill session variables when browser close 4

[xxlargewasp]

hello,
is there any reliable way to kill session variables when users close the browser?

xxLargeWASP

 

[webmigit]

Could you popup a window on browser close and run structclear(session)? And then close the window with JS?

Tony

 

[xxlargewasp]

man, it's really a very good idea. thanks alot.
but what if javascript was disabled! i will use your solution, but i'm still looking for some unbreakable solution. i really appreciate it
....:::::.... xxLargeWASP ....:::::....

 

[webmigit]

Maybe use cgi.http_referer?

<CFIF cgi.http_referer does not contain &quot;mysite.com&quot;>
<CFSET structclear(session)>
</CFIF>

Just put that in application.cfm and then when they come to the site, it clears the session.

 

[pigsie]

Try this:

<cfif isdefined(&quot;cookie.CFID&quot and isdefined(&quot;cookie.CFTOKEN&quot >
<cfset tempCFID = cookie.CFID >
<cfset tempCFTOKEN = cookie.cftoken >
<cfcookie name=&quot;CFID&quot; value=&quot;#tempCFID#&quot; >
<cfcookie name=&quot;CFTOKEN&quot; value=&quot;#tempCFTOKEN#&quot; >
</cfif>

It will kill the session when the browser is closed but only when the browser is closed (not if the user moves to another site).Using this and a combination of the above suggestions should help. Also provide users with a link to logout (basically a page which simply clears the session) .

Apart from the above there is no real way to determine if the user has gone away without using perhaps javascript and hidden frames and as we all know this can be switched off.

HTH