Log out when the browser or tab is closed (Asp Net + Mvc + Framework 5.4.1)

Anto BAro 86 Reputation points
2022-05-09T08:50:48.573+00:00

Hello,

I would like my project to log out when closing the browser (Edge) or when closing the Tab that contains it. The program is in ASP.NET with MVC and Framework 4.5.1.

Now I have inserted this script in _Layout.chtml

<script language="Javascript">   

window.onbeforeunload = function BClose() {return "Do you really want to close?";};

</script

>

and this instruction in the body of the same view

<body onbeforeunload="BClose()" onclick="clicked=true;">

Unfortunately all of this does not work.

The only result produced is that when I move from one view to another, a message box always appears asking me if I want to exit or not.

I have tried numerous examples but none that act when the browser or tab is closed.

Any suggestions or examples?

Regards

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,415 questions
0 comments No comments
{count} vote

5 answers

Sort by: Most helpful
  1. AgaveJoe 27,686 Reputation points
    2022-05-09T10:55:08.38+00:00

    You don't mention how your security works. If you are using standard Cookie authentication or Session then simply do not persist the cookie. The cookie expires when the browser is close.

    Cookie are scoped to the browser instance so there is not way to do the same when a tab is closed.

    Keep in mind, this is well-known information if you've done any research then you should have come across this fact.

    0 comments No comments

  2. Anto BAro 86 Reputation points
    2022-05-09T11:00:31.173+00:00

    Hi,
    I use Microsoft.Owin.Security


  3. Anto BAro 86 Reputation points
    2022-05-09T15:59:19.953+00:00

    Hi, I use this code
    var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, false, shouldLockout: false);

    this is my LogOff and LogIn

     public ActionResult LogOff()
     {   AuthenticationManager.SignOut();
         Session.Abandon(); 
         Session.Clear();
         Response.Cookies.Add(new HttpCookie("ASP.NET_SessionId", ""));
         this.Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
         this.Response.Cache.SetCacheability(HttpCacheability.NoCache);
         this.Response.Cache.SetNoStore();
         return RedirectToAction("Index", "Home");
     }
     public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
     {
          if (model == null)
         {
             return View(model);
         }         
         try
         {
             var result = await SignInManager.PasswordSignInAsync(model.UserName, model.Password, false, shouldLockout: false);
             switch (result)
             {
                 case SignInStatus.Success:
                     return RedirectToLocal(returnUrl);
                 case SignInStatus.LockedOut:
                     return View("Lockout");
                 case SignInStatus.Failure:
                 default:
                     return View("Lockout");
             }
         }
         catch (Exception ex)
         {
                 ModelState.AddModelError("", "Error..");
                 return View(model);
             }
         }
     }
    
    0 comments No comments

  4. Bruce (SqlWork.com) 61,491 Reputation points
    2022-05-09T15:59:45.2+00:00

    there is no browser close event, before unload fires on every page navigation. to use this event to detect navigation away, you code every valid navigation on the page to set a global variable, that the unload event uses to detect valid navigation.

    due to abuse, the before unload event has been restricted what can be done during the event. while you can find suggestion to do what you want, they are not foolproof and always have issues.


  5. AgaveJoe 27,686 Reputation points
    2022-05-09T20:03:47.517+00:00

    In other words what can I do ?

    Using a Session Cookie (isPersistent = false) is the best you can do.

    Modern browser do not allow HTTP requests in the unload event. Any light research should alert you to this fact.