Im developing a small web aplication, used in a shared computer.
When the user closes the browser window, i want the session and the authentication to be deleted.
In the Login page i use something like this to authenticate the user:
FormsAuthenticationTicket authTicket =
new FormsAuthenticationTicket(1,txtUser.Text,
DateTime.Now,
DateTime.Now.AddMinutes(5),
false,"");
string encTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
HttpContext.Current.Response.Cookies.Add(faCookie);
string redirectUrl = FormsAuthentication.GetRedirectUrl(txtUser.Text, false);
HttpContext.Current.Response.Redirect(redirectUrl);
As you can see, i have set the "isPersistent" variable to false.
This seems to work on Chrome (haven't tested on IE), however, when i run the app on Firefox, with multiple tabs activated, if i close the browser and open again, im still authenticated, and the cookie is still there!
Its really strange, beacause the cookie should be removed on closing... Is this a bug from Firefox, when you have multiple tabs opened? How can i fix this?
Help is much appreciated!
Thanks in advance
Are you closing the browser, or just the one tab? You need to close the whole browser. If you have multiple top-level browser windows open, all of them need to be closed. Also, any other windows that are part of the FireFox process need to be closed, too: Downloads, Live HTTP Headers, View Page Source, etc.
Thanks for the tips guys, but im sure im closing the browser, without any more Firefox related windows opened.
By reading this, it seems that this is the default browser behavior, choosed by the Firefox 3 designers...
Seems it stores on the disk cookies suposed to be stored on RAM, to recover the tabs when you open the browser again. So if you want to session to be deleted, you need to close all tabs, and then the browser...
I think this can cause some flaws regarding authentication security, for example, someone is using the application, finish the job and leaves, by closing the browser, and not the tabs. Since the computer is shared, right after another user opens the browser, and he will see all the tabs, with the previous session restored...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With