The problem here is that HTTP is a completely stateless protocol.   Someone can close their browser or completely turn-off their machine, or a cosmic-ray can go zipping through some circuit-board somewhere, or anything at all can happen such that “the user is now gone,” and there is nothing in this world that will tell you that this has occurred.   A user’s browser could crash, for any reason or for no reason at all, and now that user is locked out of your application.