Yes, you're right. That's why i hate IE.
So following your advise i set to blank all my session vars and end the session. That way doesn't matter what happens the user will lose the access to the system.
Let me share my last code ->
If the user have had more than "n" minutes of inactivity then i call this funx.
Code:
FUNCTION dropUser RETURNS CHAR (INPUT dropMessage AS CHAR):
SETSESSION("sessionTime","").
RUN endSession IN web-utilities-hdl.
RETURN "<a href='login.html' target='_parent'>" + dropMessage + "</a>".
LEAVE.
END FUNCTION.
Next time the user try to access the system i verify the sessionTime var,
If blank then the user have no access and take it out again to log-in page.
Thank's for your help Casper.
Best Regards!
Israel M.|