Logout all session on browser close
252 views
Skip to first unread message
Umar Draz
Jun 28, 2017, 3:29:30 PM6/28/17
to SimpleSAMLphp
Hi
Is it possible whenever I close browser all the session or logins destroy/logout
Regards
Peter Schober
Jun 28, 2017, 6:04:51 PM6/28/17
to SimpleSAMLphp
* Umar Draz <uni...@gmail.com> [2017-06-28 21:29]:
server-side and closing the browser does not magically send SAML
protocol messages to certain systems.
But yes in the practical sense in that removing session cookies from
the browser (which either is default or configurable behaviour in
most/all browsers) will remove what the server needs to match those
server-side sessions.
When I close my browser all my sessions are gone. I did't have to do
anything about that. If your browser handles this differently, you'll
need to research.
But of course noone ever needs to logout from their own computer (or
shared account on a multi-user system) -- instead you
close/lock/logout/shutdown the whole system/account. That also
protects all the local data and other applications on that
system/account.
For user switching (another use-case often conflated with logout) it's
best and easiest to get into the habit of starting a "private browsing
mode" window from your browser *before* letting someone else use your
computer/account, as that window won't share any state/sessions with
your main browser window(s) and likewise closing it after the other
person is done will not affect your existing (mai) browser windows.
That takes care of most/all cases I know about, and before even
talking about SAML Logout.
-peter
> Is it possible whenever I close browser all the session or logins
> destroy/logout
Not in the literal sense, since the sessions exist only on the
> destroy/logout
server-side and closing the browser does not magically send SAML
protocol messages to certain systems.
But yes in the practical sense in that removing session cookies from
the browser (which either is default or configurable behaviour in
most/all browsers) will remove what the server needs to match those
server-side sessions.
When I close my browser all my sessions are gone. I did't have to do
anything about that. If your browser handles this differently, you'll
need to research.
But of course noone ever needs to logout from their own computer (or
shared account on a multi-user system) -- instead you
close/lock/logout/shutdown the whole system/account. That also
protects all the local data and other applications on that
system/account.
For user switching (another use-case often conflated with logout) it's
best and easiest to get into the habit of starting a "private browsing
mode" window from your browser *before* letting someone else use your
computer/account, as that window won't share any state/sessions with
your main browser window(s) and likewise closing it after the other
person is done will not affect your existing (mai) browser windows.
That takes care of most/all cases I know about, and before even
talking about SAML Logout.
-peter
Umar Draz
Jun 29, 2017, 1:53:24 PM6/29/17
to SimpleSAMLphp, peter....@univie.ac.at
Thanks Peter :)
Reply all
Reply to author
Forward
0 new messages