#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    sydney, australia
    Posts
    68
    Rep Power
    17

    cleanup if browser window closed


    I want to call a function if a user closes their browser window.

    I have a username/password system that changes a database value if the user signs out

    but what if they don't and they just close the browser window? they then will not be able to login again unless a function is called to update the db

    can anyone help?
  2. #2
  3. No Profile Picture
    Senior Member
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Nov 2001
    Location
    Boston Ma.
    Posts
    1,529
    Rep Power
    0
    Hi

    trying to provide this type of system is great, don't worry if they don't logout, just do what I do, say they don't logout, next time they try to login, verify the last logout, if they did not logout, location header to a nice friendly error page telling them how important it is for them to logout, then they can login from that page and it will clear the old no logged out session!.......


    If you want an example, just tell me and I'll give you a URL, to try it.....


    F!
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jul 2001
    Location
    Oslo
    Posts
    1,516
    Rep Power
    18
    There is no way of doing this because HTTP is stateless. The best you can do is have a javascript which notifies you that the user has left the page using the onunload event, but this will only work in some cases.

    If the users have to log out to be able to login again later, then I would say your system is flawed. Imagine if the same was the case for Windows, and windows crashes (of course, that's a very unlikely event...), you wouldn't be able to log in to windows again...
    --
    Regards
    André Nęss

    Puritanism: The haunting fear that someone, somewhere may be having fun
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    sydney, australia
    Posts
    68
    Rep Power
    17
    the reason for making people log in and out is only to stop more than one user logging in under the same user name and password at the same time

    but i guess this should be ignored as its not a very likely event

    thanks for the help everyone
  8. #5
  9. No Profile Picture
    Senior Member
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Nov 2001
    Location
    Boston Ma.
    Posts
    1,529
    Rep Power
    0
    Hi


    no no no, you miss-understand me............



    go here...............


    http://www.ya-right.com/


    login........

    username : sambar

    password : test


    Now try 2 different things................


    TEST 1......

    login, then after logging in, just close your browser......

    Then try to login again...............

    you will get a nice access error.........


    TEST 2.............


    login, then without closing the browser, open a new browser and try to login again, you will find that you not only can not login on the first try, but you will also kill the session that has the window open......


    This stops, more than one person being logged in at the same time, and keeps track of people who forget to logout.


    It uses no cookies and is a pure state-less server side control session, without $vars being passed........

    F!
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jul 2001
    Location
    Oslo
    Posts
    1,516
    Rep Power
    18
    Eh... I just wanted to point out that this site uses a cookie. It is impossible to maintain a state without either a cookie or passing variables (one is not more secure than the other though).

    The real security issue with webbased mail clients like this is for people using public computers, and you can't really fix that, you just have to tell people to always log out, if they don't, they risk being screwed.
    --
    Regards
    André Nęss

    Puritanism: The haunting fear that someone, somewhere may be having fun
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2001
    Location
    sydney, australia
    Posts
    68
    Rep Power
    17
    thanks for the help

    i'll check out your system fataqui
  14. #8
  15. No Profile Picture
    Senior Member
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Nov 2001
    Location
    Boston Ma.
    Posts
    1,529
    Rep Power
    0
    Hi andnaess



    Maybe your system uses cookies, and you can't find a way to control a session without them, but mine does not, it use's advance session handling, were the server maintains the session, so never is a session $var passed, true $var's are passed but they have nothing to do the session state, how my system works is very complex in that the name not just the value of the session changes at each page turn.......


    Example..........

    PHP

    $session_id = $session_key;

    ^^^^^^^ the name never changes

    In my system.........

    page 1

    could be...........
    $q8759hum = $session_key <= random

    page 2

    could be.........
    $ymf59865899 = $session_key <= random

    When you enter the system random RSSV, are built they hold all user info, they equal to NULL if the user requests them, they only hold a value to the server, in all forms (post) within the service, or (get) through url request, only values that the user selects can be passed, and any value passed can not overide the servers set RSSV values.


    So a form might have 3 inputs showing on the page, but when that form is submitted, the server through RCcommands adds the name value pairs that the user never see's to those 3 input, so the form can be submitted......


    You can never have enough security, thats why every page turn in my system, it performs 5 different verify user checks, and it all done without one database call or reading some file......


    F!
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Jul 2001
    Location
    Oslo
    Posts
    1,516
    Rep Power
    18
    Ehm. Are your "advanced" session handling simply the PHP session handling? Anyway, if you want to see that your site uses cookies, try setting cookie-acceptance to "Prompt" in your browser, and log in, a prompt asking you to accept the per-session cookie will appear, with the session id as value

    If you think a little bit about it, you'll realize there is absolutely no possible way to implement some notion of sessions without passing some sort of session id or similiar data between the client and the server. Whether you use a cookie or pass this id variable through the url is really irrelevant -- both solutions are equally secure.

    If you don't pass any such data, how on earth is the server supposed to know who the hell some user is?
    --
    Regards
    André Nęss

    Puritanism: The haunting fear that someone, somewhere may be having fun
  18. #10
  19. phpkid ~~~~~~ :o)
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Nov 2000
    Location
    NJ, USA
    Posts
    2,534
    Rep Power
    20
    Hey And,

    Normally her networks , scripts and everything is VERY VERY *COMPLEX*.

    We better stay out of it !!!

    JD
    _____________________________
    d.k.jariwala (JD)
    ~ simple thought, simple act ~
    I blog @ http://jdk.phpkid.org

IMN logo majestic logo threadwatch logo seochat tools logo