You can delete cookies using javascript. And if you attach this to the browser close event, it will work.
<body onunload="deleteAllCookies()">
function deleteAllCookies() {
var cookies = document.cookie.split(";");
for (var i = 0; i < cookies.length; i++) {
var cookie = cookies[i];
var eqPos = cookie.indexOf("=");
var name = eqPos > -1 ? cookie.substr(0, eqPos) : cookie;
document.cookie = name + "=;expires=Thu, 01 Jan 1970 00:00:00 GMT";
}
}
This will clear all cookies onUnload, but cookies should be set using http-only. (read about xss and securing cookies :
Protecting Your Cookies: HttpOnly[
^])
And if your cookies are well protected, they can't be deleted using javascript.
A solution is to create a javascript function which call an aspx-page which clear the session and remove all cookies.
window.onbeforeunload = function(){
$.get('removeSession.aspx', function() {
});
}
In your removeSession.aspx you can do your stuff in page_load
protected void Page_Load(object sender, EventArgs e)
{
Session.Abandon();
foreach (string cookie in Request.Cookies)
{
Response.Cookies[cookie].Expires = DateTime.Now.AddDays(-1);
}
}