>Sometimes we want to send a piece of data to our servers when user leaves our website or webapp.

I've never.

>Maybe it’s for for analytics or even auto-logout when they leave the website.

Just don't persist the auth token? Analytics is blocked at the DNS level anyway.

There might be some sensitive applications where server might want to immediately revoke credentials server-side though.

▲

meindnoch 5 days ago | parent [-]

And what will this hyper-sensitive application do if I yank the power cable from the computer? Or if I quit the browser with kill -9?

See, this is one of those "features" that clueless PMs ask their developers to implement, not having the technical knowledge to realize that their idea is unsalvageable. My other favorite is email address "validation" with ad hoc string format checks.

	▲	can16358p 4 days ago \| parent [-]
		It's just an extra measure, not protecting the server from a malicious user, but an honest user's potential mismanagement of credentials.