is there any solution how can i close the browser completely? I need this because I am using Single Sign On from other page and on that page it is written that only closing the browser will log out the user.
A:
No you cannot force a user's browser to close without their permission.
Edit: Even though there are workarounds for some browsers, it is a bad practice and considered intrusive.
Andy West
2009-11-25 08:05:46
ok, I understand. So is there any way I can force the mentioned logout
Peter
2009-11-25 08:08:06
As mentioned in other answers, deleting any potential session cookies is likely the best way. Other than that, you can warn users of the risks and ask them to close the browser when they do log out.
Andy West
2009-11-25 08:10:20
+4
A:
You can't close the users browser, but if you can identify the cookie which contains the session, you may be able to clear it. How you would do this depends on the language you are using.
In Javascript, you would have be operating on the same domain as the cookie you want to clear
var expired = new Date();
expired.setTime(mydate.getTime() - 86400);
document.cookie = "my_session_cookie_name=; expires=" + expired.toGMTString();
On the server-side, you can output headers to set or clear cookies. Depending on the users browser settings, you may be able to set cookies on 3rd party domains. Here's an example in PHP
setcookie ('my_session_cookie_name', '', time() - 86400);
//clear cookie for example.com
setcookie('my_session_cookie_name', '', time()-86400, '/', '.example.com');
Paul Dixon
2009-11-25 08:07:20
If you can set them, you can clear them, there's no difference. It really depends on whether the browser is configured to accept them.
Paul Dixon
2009-11-25 08:37:44
Yes, if you can set them you can clear them, because they both are Set-Cookie headers, so my point is you cannot set them across domains (unless the response is from a sub domain such as sub.example.com setting a cookie for .example.com)
Murali VP
2009-11-25 09:37:03
You can set them across domains, but depending on the security settings in the browser, they may be blocked, the user may be prompted to confirm, or they may be silently accepted. Here's how you would configure Firefox to block 3rd party cookies: http://support.mozilla.com/en-US/kb/Disabling+third+party+cookies
Paul Dixon
2009-11-25 09:58:52
+2
A:
No, you cannot.
that page it is written that only closing the browser will log out the user
If you could run JavaScript in the right domain (the Single Sign On server's domain), I bet that you can log the user out just by deleting the session cookie.
intgr
2009-11-25 08:07:48
A:
Atleast not in Firefox, otherwise it will be a big usability issue.
delete the cookies when you close the tab.
Priyank Bolia
2009-11-25 08:08:20
A:
it's possible to close browser opened via javascript but since the user open the first browser it won't be possible to close all browsers.
your SSO should have some kind of logout function, it would be better. This function would clear the user cookies or clear the session on the server side.
RageZ
2009-11-25 08:08:40
A:
Hi
Its very simple,
just add javascript
<td width="10%"><div align="center"><a href="javascript:window.close() "><font color="#ffffff">Close</font></a></div></td>
thnx
RRaveen
2009-11-25 08:45:11
A:
If each SSO site is given its own cookie, you may need to log the user out of each SSO site individually. Hopefully each site has its own "log me out" URL and you can open a page with multiple iframes to each SSO site.
a paid nerd
2009-11-25 08:56:52
A:
You can set them across domains, but depending on the security settings in the browser, they may be blocked, the user may be prompted to confirm, or they may be silently accepted. Here's how you would configure Firefox to block 3rd party cookies: support.mozilla.com/en-US/kb/…
And how can I set them across domains?
niao
2009-11-25 10:03:51