Pesky users closing browsers - you can still get them to 'logout' properly

I regularly have applications which restrict access to a single logon, on a single PC, with the same user name. To achieve this all users have to logout properly, so that they clear down a unique logon GUID is the system database. Being human, not all of them click on LOGOUT within the application; instead they just close the browser directly. When they next try to logon they are warned someone is already logged on with the same user name and have to confirm that they should log the other user out.

So how can you get a user logged out cleanly when the browser is closed directly?

The solution is actually quite simple.  First, create a frameset with no border and a hidden top area (0%), this will be your default page for the application in IIS, let's call it default.html.  The top area links to a page called autologout.html.  The rest of the frameset displays your real default page default.aspx.  (note: if you already have a frameset with a static 'header' page you can put the unLoad logic from autologout.html into that page).

    <TITLE>TSS 2006</TITLE>
    <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1">
    <meta content="" name="vs_targetSchema">
  <frameset rows="0%,100%" border="0" frameSpacing="0" frameBorder="0">
    <frame name="autologout" src="autologout.html" scrolling="no" noresize>
    <frame name="main" src="default.aspx">
    <p id="p1">
      This HTML frameset displays multiple Web pages. To view this frameset, use a
      Web browser that supports HTML 4.0 and later.

Inside autologout.html is very simple;

  <body onUnload="self.parent.location = 'logon.aspx'; d = new Date(); while (1) { mill=new Date(); diff = mill-d; if( diff > 2500 ) {break;} }">

The tiny bit of JavaScript in onUnload is fired when a page is unloaded from the browser.  This event fires in both IE and Firefox (although not in Opera) when the browser is closed.  The JavaScript loads another page, in this case logon.aspx, waiting for a good 2500 milliseconds for the page request to be issued to the server, before allowing the browser to close.

Inside your logon.aspx page which performs the actual user logon you would want to put logic in the Page_Init or Page_Load event which checks for a user already being logged in, and if so, logging them out cleanly.  This might be checking for a session variable, or a forms authentication cookie.  My assumption is that if a user loads the logon page they would always want to be logged out anyway (it saves having a logout page as well as a logon page).  It just happens that this can be used by autologout.html as well, by loading the logout.aspx it logs the user out. 

Alternatively if you do have a specific logout.aspx page which performs the necessary deeds of logging the user out, make autologout.html load this page instead.

(copy of this article at

Print | posted on Wednesday, September 14, 2005 5:20 AM

Comments on this post

No comments posted yet.

Your comment:

 (will show your gravatar)