Session variables are setting to empty or null when browser closed

Session variables are setting to empty or null when browser closed

  
Hi,
I have some trouble with below scenario, help would be greatly appreciated.

At login, once user is validated, i am using System Login which is setting userId and Username in to the session along with that i am also setting some other user related data in session. Once user logs in and go to the home page, just close the browser window without logging off (A logoff action which cleans the session, here all the data userid, username and data set by my login action is also cleaned). Now open broswer and type the homepage url, if i debug, session variable which set by my action  are cleaned by user id and user name are still present, because of which my action is failing. So my question here is why only the session variables which i set are cleaning and why not user id and user name.
Hi Thirupathi,
                      The way I went around this issue is to force user to login if any of these session variable is null. I know it is not the answer to your question. I would be intersted in knowing a better way.

Regards
What's probably happening is that you are using a "persistent login". When that happens, it sets an authentication token for the user in their cookies, good for 2 weeks or 20 days or something like that. When the user re-opens their browser, that cookie is still there, and the system automatically logs them in. That is why you see them have a session user ID and session user name.

However, the cookie used for their actual session has a 20 minute expiration and expires when they close their browser.

And that is why you see them still logged in, but with no other session variables.

You can do some of the following:

* Edit the ASP.NET Session settings on IIS to settings that make more sense for you
* Store the session variables in the database, associated with the user ID, and if the variables you are looking for are empty but the user ID is not, populate the session variables from the stores variables in the database.

We do the second item with our mobile application and it works fine.

J.Ja
Hi,

Another option is to get that information on the On Session Start action if the User_Id is set but your other variables are not.
The action will be called after all login/logout/tenantswitch operations, including the presistent login.

Thats actually the main reason why the "On Session Start" action exists, so information necessary for the session can be set when sessions are created/cleaned.

Regards,
João Rosado
How can i go away from "persistent login", want to use normal login, how can i do that?
Wherever you are using the Login action or User_Login fro the Users eSpace, set "persistant login" to "false".

J.Ja
Hi James, 
thanks for your response,
I am not using any user_login, in my action. I validate the user against ldap (extension for LDAP), if valid user, keep user details in session and show the home page.

I am doing any authenticatiion against database for users.

Thanks,
Thiru
Hi,

On your initial post you said that you are using the system login action. That action also takes a "presistent" parameter. Turn it to false.

Regards,
João Rosado
Yes Rosado, you are right, sorry for misleading, requirement has got changed and i have removed the system login action. There was bug in my code because of which wrong behaviour is shown. I have fixed now.

Thanks,
Thiru