Omicron Llama

Coding all day, every day.

SharePoint 2010 FBA and Logging out when closing the browser

Upon revisiting this issue, I’ve discovered that this method is completely redundant thanks to the April 2011 CU. Read here for more details.

Had a requirement today to have our FBA based site log the user out automatically upon closing the browser.

Our site has ‘username and password’ controls on a visible portion of the web site, in a content area, not on a ‘custom form’ per se. Therefore we can’t make use of the asp:Login control which you normally get.

A separate requirement for needing to expire sessions after a set time helped us out with this, really simply too.

Have a read at this first. SharePoint 2010: Set session timeout on a FBA enabled site

So, from that article, you have a custom SPHttpApplication object loaded via your Global.asax file, handling the method “SessionSecurityTokenReceived”.

In order to log the user out when the browser is closed, we basically need to set the Session’s token to be non-persistent. This is simple to do as we can get or set the SessionToken object via the event’s arguments.

If you want a trimmed down version which does only the handling of expiring sessions on browser closing, then use this version of the event handler:

Wire this up to your custom Global.asax file as in the link above, and you should have FBA users logged out when they close their browser.

No ugly Javascript hacks needed for this! Try it, let me know how well it works! If this trimmed down version doesn’t work, follow the blog linked above in it’s entirety, and added the IsPersistent = false line just after the ReissueCookie one.

2 thoughts on “SharePoint 2010 FBA and Logging out when closing the browser

  • Md Arshath says:

    Hi James,

    I am already using the ‘Session Security Token Expiration’ to automatically sign out after a given time. This works great.

    I also have the same requirement to logging out when closing the browser along with Session Security Token Expiration.

    So I have added the IsPersistent = false line just after the ReissueCookie = true as you have mentioned.

    Now what happened was ‘Logging out when closing the browser’ works fine but it broke the Session Security Token Expiration and it never expires.

    Did you face this issue and do you have a solution for this?


  • Ray says:

    This will work but will switch to session cookies from persistent cookies. Can no longer open office documents in sp without prompting for login credentials.

Leave a Reply

Your email address will not be published. Required fields are marked *