Force cleaning of session cookies (firefox, chrome)

Some browsers (Firefox, Chrome) by design doesn't clean session cookies when you close them, if you set some kind of remember me switch (for example in FF go to Options->General->When Firefox starts->Show my windows and tabs from last time). It is a problem for our client (government agency...) while I do have absolute control over http server, I have no control over browser settings. The scenario is - they're used to share computer accounts, however they shouldn't be able to share web accounts - simply closing the browser should kill the session never mind the browser settings.

Is there an elegant way how to enforce that ?

Currently only solution that comes to my mind is some kind of dead man's switch (change cookies to live only for one minute (encrypted server side time stamp), and on every page have javascript "pinger" that will for 20 minutes ping every half minute some "prolong session" handler on the server (login session should be 20 minutes, sliding expiration).

Answers


You could try using HTML5s sessionStorage it lasts for the duration on the page session. A page session lasts for as long as the browser is open and survives over page reloads and restores. Opening a page in a new tab or window will cause a new session to be initiated.

sessionStorage.setItem("username", "John");

https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Storage#sessionStorage

Browser Compatibility https://code.google.com/p/sessionstorage/ compatible with every A-grade browser, included iPhone or Android. http://www.nczonline.net/blog/2009/07/21/introduction-to-sessionstorage/


In firefox a simple setup is require in order to prevent firefox to remember passwords when the browser closed:

  1. enter to setup menu (top right)
  2. select "options"
  3. select "privacy" tab
  4. change "history" from "remember history" to "use custom setting" or "never remember"
  5. when "custom setting" is marked, change the cookies settings "keep until" from "until expired" to "until I close firefox"

Need Your Help

Enable remote blog publishing for custom blog engine

c# asp.net asp.net-mvc-4 blogs

I'm writing a very simple lightweight blog engine with ASP.NET MVC 4. One thing I'd like to allow is remote publishing. That way I can use something like Windows Live Writer to publish blog posts...

tring to reduce the redux boilerplate with some utils

javascript reactjs redux react-redux

I was wondering if there's something wrong with the approach I'm trying in this link: