I'm developing a web application and using server session to control access to the application, this session should be terminated when the user logs out of the application, when closing all the tabs of the application or when it closes the browser. >
I would like to know which best practices for this type of control?