Wednesday, January 31, 2018

What if user manually deletes cookie? - Login

I have a general architectural question about simple cookie-session based authentication.

In my web application I create a session when a user logs in and return a cookie with the session id which is then sent back from the client/browser with every request and so on and so good. But now what if the user manually deletes this cookie with the session information in his browser? Because on the server the session still exists then and the user is therefore more or less still logged in on the server. However there is no more cookie returned from the client and the server will treat it like an unlogged user. How do I solve this? Cause ideally I would like to delete the session (and additionally log out the user in the database) just each time the user manually deletes the cookie in the browser.

Thank you!!
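
The situation described in the question, as an added example that is not part of the original post: the server cannot observe a cookie being deleted in the browser, so orphaned sessions are ended here by a server-side idle timeout instead. `SessionStore`, its method names and the 30-minute timeout are assumptions made for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 1800  # seconds; assumed value for this example


class SessionStore:
    """In-memory server-side sessions keyed by the cookie's session id."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self.sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def login(self, user):
        sid = secrets.token_urlsafe(32)  # unguessable id sent in Set-Cookie
        self.sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def authenticate(self, cookie_sid):
        """Return the user for a request, or None if it is anonymous."""
        record = self.sessions.get(cookie_sid) if cookie_sid else None
        if record is None:
            return None  # no cookie (e.g. deleted) or unknown id
        if self.clock() - record["last_seen"] > self.idle_timeout:
            del self.sessions[cookie_sid]  # expired: log out server-side
            return None
        record["last_seen"] = self.clock()  # sliding expiry on activity
        return record["user"]

    def logout(self, cookie_sid):
        """Explicit logout: the only moment the client tells the server."""
        self.sessions.pop(cookie_sid, None)

    def sweep(self):
        """Drop sessions idle past the timeout; return the users logged out."""
        now = self.clock()
        stale = [sid for sid, r in self.sessions.items()
                 if now - r["last_seen"] > self.idle_timeout]
        return [self.sessions.pop(sid)["user"] for sid in stale]
```

Running `sweep()` periodically is where a database "logged out" flag would be updated for the users it returns.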



