Differentiate browser/tab close and refresh event? I know this is not new question in stack overflow but still struggling out. Actually I need to logout user using server call if browser gets close.
I have tried tab count logic. But when I have only one tab left then its impossible to tell if its refresh or tab/browser close event .
If your goal is for the user to stay signed in for only the session, you can use session cookies to store the auth information. A session cookie is cleared when the website or browser is closed. See more information here.
Related
I'm trying to keep track of all the users logged in to my socket.io / nodejs app.
When someone logs in I simply do:
sessionobj[result[0].username] = sessionId;
This also works fine if someone opens the site in multiple tabs, as they will still have the same username, and will only be added once to the sessionobj.
The problem occurs when someone closes one of the tabs. Ideally, I want the user to be "logged out" when he has no tabs open, however, I'm not sure how to accomplish this. For example, if the users has 2 tabs open and I add the line:
delete sessionobj[socket.handshake.session.username];
to the socket.on('disconnect' event, the user will be deleted when he closes one of the tabs, even if the other tab still remains open. Is there any way to keep track of this accurately?
Just store information about the current number of tabs somewhere, e.g. in the localstorage. Whenever a tab is opened you add one and when a tab is closed you substract one from said number.
Thus you know how many windows are open and can simply not call your disconnect event when there are more tabs of your app around.
I need to end a user session only in case when user closes the window. I want to retain session if the user refreshes the page or hard reload the page(chrome) with ctrl+shift+r.
I have read post on this forum about usage of window.unload method but this method is called also in case of user refreshes the page with F5 or hard reload it or keep his cursor in address bar and hit enter. I only want to end the user session in case he close a tab or window.
Thanks,
Hitesh
You can not do it in pure HTML5. This is a security feature of modern navigators.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
How we call logout servlet on browser close event
I want my site to automatically logout user when the browser closes. I use onunload in javascript. Now, my problem is it always logout the user everytime the user navigates to other page. What I want is just to logout when the browser closes.
Here's my code:
<script type="text/javascript">
window.onbeforeunload = confirmExit;
window.onunload = logout;
function confirmExit() {
return "Are you sure you want to leave?";
}
function logout() {
window.location = '<?php echo WEBSITE_URL ?>?logout=true';
}
</script>
Hope someone will help me ASAP!
In your case its better to send a ajax request to do the task rather then redirecting the user to logout.
Also send it on onbeforeunload
Or a better idea will be add a cookie with user last activity. and check on every page load the if the last activity is more then the required limit server redirect to the login page clearing the session.
I don't think it's possible to detect in javascript when the window is closed. As you've found out onunload event doesn't have the information why the page is unloaded: if the user closes the window or navigates to a different page.
What is more, the user may navigate to a different page by typing the url in the address bar - you might want to 'log him out' in that case too.
The best way to achieve it is to have a timeout on your session. This will work event if the browser crashes.
I want to clear session when browser window closed. But when i am trying to use window.unload event, it triggers also when back button clicked. How can i avoid it?. And clear session on window close.
The other posters are correct. There is a reason you see the following setup on 99% of sites.
Offer the users a logout button to close the session.
Otherwise time out the session after they have been inactive for 1+ hours depending on your paranoia level.
Unfortunately clearing the session on unload() is not a good way to do it. In fact that unload handler will even fire when they go to other pages on YOUR SITE. I highly doubt this is the approach you want to go with.
There is no way to do this that I know of. It would be a security issue if you were able to tell when someone is leaving your page for another or closing the browser.
As far as your page's security model is concerned once someone is off your page there's no telling what's happening anymore
The only way to know if someone has left your site is if... they stop loading pages.
You're best bet is to track a "Last Impression" time in the session in your server application. Update it to now every time they make a page request. If their Last Impression is ever more than, say, four hours old, you know they left for a while, so invalidate their session and start a new one for them.
I have a simple logon page. When the user is validated, the window navigates to a new page. The javascript is window.open('http://www.google.com',"mytest",'toolbar=no'); My expectation is that when it navigates away from our logon page and opens the google site that the back button would be disabled. But it's not. Does anyone have any idea why?
It depends on your browser. Ultimately, all you can do with javascript's window.open() is tell the browser what you'd like it to do, but it's not obligated to do it. Browsers can and do ignore some directives based on user preferences.
I believe the option your looking for is 'location=no', as that hides the address bar and therefore the back button too. The toolbar is things like favorites/etc.
This is bad practice - what happens if the user has javascript disabled? If the browser prevents the js from removing the toolbar of the main window?
Instead, amend the logon page to detect whether the user is logged in before showing the login form. If logged in, show a message saying so instead of the form - that way, a user clicking back won't be a problem.
I find it very annoying when a website messes around with my browser window, and generally don't come back.
This is what worked for me. Instead of disabling the back key. I listen for on unload event. I then write the following in javascript:
window.onbeforeunload = function () { return "You should not press the back button while in this application. If you continue, your work will not be saved and you will need to log back in."}
Java Script pops a dialogue box with OK and Cancel options. If the user clicks cancel. The application stays right where they are. The script is embedded within the tags. For me this is the ideal solution. I found this at
http://www.hunlock.com/blogs/Mastering_The_Back_Button_With_Javascript