Nick Murdoch schrieb: > > > On 31 Jan, 23:16, Paul Johnston <[EMAIL PROTECTED]> wrote: >> Nick, >> >>> I'm just wondering if there's been any update on this, ie, is it yet >>> possible to have the user automatically logged out when they close >>> their browser window? >> It may be possible using javascript and ajax, although such solutions >> wouldn't be 100% reliable. >> >> But I really wouldn't worry about this, it's enough to just provide the >> user with a logout function and, as a backup, expire sessions after a >> period of inactivity. I've done security reviews on some very sensitive >> banking applications, and this approach was good enough for all of them. > > Thanks Paul. I suspected as much -- unfortunately it's a client asking > for this behaviour specifically, so I suspect I'll have to go with the > hacky javascript option on this one. I'd be quite happy with the > normal session expiration myself, if it were up to me :)
Can't cookies be made session-lasting only? I thought so... alternatively, setting the session cookie timeout very short (matter of minute) and updating it using a background-ajax-request as long as the app runs might be a more solid solution. Diez --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
