??? But that isn't the same thing at all!
The OP is looking for a way to be notified *when* a user navigates away from
the site or closes the browser.
Peter's code will check *if* a user's Session has timed out, but only in
response to *another* HttpRequest from that user - if the user navigates
away from the site or closes their browser, none of this will ever happen...
Thanks for correcting my mistake.
So if one then tried to read the user's cookie what would one get? And
what of the security context surely that will no longer return a UserId
(if one put it there in the first place) ?
Say the user visits the site at 13:00 and navigates away at 13:10 and
the session timeout is set to 20 minutes. Are you saying that for the
last 10 minuters, after the user has navigated away, that the session id
and UserId in the security context will still be there - implying that
the user is still present? I was under the impression that the session
id relied on cookies (by default). I realise that http is stateless but
is the user cookie cached on the server and not read afresh each time
one "reads" it? - if so, what would happen if one tried to write a
cookie to the now absent user after they had navigated away?
It just doesn't make sense to me that a user navigating away can't be
detected.