I think @fmdano is trying to figure out how to do that when the browser or tab is closed.
fmdano
04/01/2022, 7:26 PM
@larryclyons That is what I saw in Ben's article, that the session stays... and yes @Myka Forrest, I am trying to see if there is a way when the user clicks the X to close the browser if we can clear the session...
larryclyons
04/01/2022, 7:27 PM
Session-only cookies, perhaps.
bdw429s
04/01/2022, 7:52 PM
Trying to intercept browser close is a special level of madness. Instead, ask the client to explain why they're perfectly ok with there being data in memory on the server so long as the browser is open, even if the user has left for the day or is outside smoking a cigarette. Yet, if the browser window closes, some magical threshold has been reached where it's no longer ok to have this data in memory.
bdw429s
04/01/2022, 7:53 PM
There's probably not any data in session that isn't also in the database, and it's not like you drop the DB when the user closes their window, lol
bdw429s
04/01/2022, 7:55 PM
Narrowing the attack surface for session hijacking attacks is likely the source of their concern, but (assuming you've taken appropriate caution) the likelihood of a session hijack happening is no different depending on whether the browser is open or not (in fact, if anything it's LESS likely). That's an arbitrary and irrelevant line to draw IMO.