Storing the session id on the client computer is no problem and is very straightforward. The problem is to store the actual session on the server until I actually feel I’m done with it.
The garbage collector is pretty clear about how it works. I can see no way to prevent it from cleaning up the garbage within a certain time. I can set that time high, but then I risk session hijacking (which still is very small, and hijacking the session would be of no greater use for a cracker) or having the session directory overcrowded (I guess that you really need huge traffic for this to occur, but still…).
Is the only solution to make regular HTTP requests with JavaScript to prevent the GC from eventually grabbing the session if the client is idle?
Thanks in advance
Pretty much yes. You can’t reliably detect that the browser window has been closed. Even though JS offers an on-window-close event, you should not use it, as closing the browser by clicking the ‘close’ button is only one of several ways the client session might end.
Other possibilities: