In my application the user has logged in (session created). Then, in the same browser, the user types: www.google.com. When he comes back to my site, he is still logged in. I want to invalidate his session.
How can this be done?
If the user switches to a URL that isn't part of your application, you won't know it. You would just have to wait until the session times out.
No need to wait till the session expires. You can use the "referer" header to figure out whether the user has left your application, switched to some other application, and come back with requests for some of your application resources.
I tried with "referer" header and it worked for me.
Originally posted by Vishnu Prakash:
But the one issue with this is that you can easily get back to your resources with the browser's back button. Ben, is there a way to control this?
Not reliably, which is why I said what I did earlier.
If this is a big concern, you might want to shorten the session timeout.
By the way: I agree completely with Paul's comment.
As a user, I would consider any app that tries to control my screen or console to be a poorly written piece of crap.
[ December 09, 2005: Message edited by: Ben Souther ]
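The two approaches discussed in this thread (checking the "referer" header and shortening the session timeout) can be combined in one servlet filter. This is an added example, not code posted by anyone in the thread; the class name `LeftSiteFilter`, the `/login` entry path and the 300-second timeout are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.net.URI;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: ends the session when a request arrives without a same-site Referer.
public class LeftSiteFilter implements Filter {
    private static final int IDLE_SECONDS = 300;       // assumed short idle timeout
    private static final String LOGIN_PATH = "/login"; // hypothetical entry page

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session here
        if (session != null) {
            // The timeout is the only part the server fully controls.
            session.setMaxInactiveInterval(IDLE_SECONDS);
            boolean entryPage = req.getServletPath().startsWith(LOGIN_PATH);
            // A typed URL or bookmark sends no Referer; a link from another
            // site sends that site's host. Both are treated as "left the app".
            if (!entryPage && !sameSite(req.getHeader("Referer"), req.getServerName())) {
                session.invalidate();
                res.sendRedirect(req.getContextPath() + LOGIN_PATH);
                return;
            }
        }
        chain.doFilter(rq, rs);
    }

    // True only when the Referer parses and its host equals the host being served.
    static boolean sameSite(String referer, String serverName) {
        if (referer == null) return false;
        try {
            String host = URI.create(referer).getHost();
            return host != null && host.equalsIgnoreCase(serverName);
        } catch (IllegalArgumentException e) {
            return false; // malformed header: treat as foreign
        }
    }
}
```

The Referer header is supplied by the browser and may be stripped by privacy settings or proxies, so this check is a convenience heuristic rather than a security control, and pages redisplayed from the browser cache by the back button never reach the filter. The idle timeout remains the dependable bound on how long an abandoned session stays valid.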