This is in context to an ASP.Net application. The application makes use of a specific data which is set for a page. After this data has been set all the operations from this page onwards use the set data.
The problem is that if the user opens another tab with a competing data it overwrites the older data for the same session and for the same user which invalidates the operations on the first tab.
I know the suggested way is to refactor the code to remove such coupling but that is not possible. Here's another thread that discussed this but didn't specify any solutions other than refactoring the code (http://stackoverflow.com/questions/632062/ways-to-detect-ctrl-n-or-when-a-user-opens-a-new-window)
So, how can I detect (and notify the user) or stop the user from opening another tab - through javascript/Jquery?
You could set a session variable isActive and set it to true, along with all the other session data when the user opens the application the first time. After this, if the user opens another tab, check to see if isActive is true. If it is, inform the user and don't set the data again.
In pseudo-code, your logic should flow like this
if (!isActive)
//set session data
else
//alert the user: You have another active session
This would be a better solution because there is no guarantee the user does not visit the page to set the session, then temporarily turn off Javascript to launch a new tab without you being notified.
You should realize that you cannot prevent multiple pages being open on the same site by the same user. A user can always do such an operation using multiple different browsers on the same computer or browsers on different computers. As such, what you really need to do is to design your application to either just handle this situation gracefully or detect such a conflict and decide what the safest action is to take when it occurs (chances are, at the server, you either ignore the data from all sessions but one or you somehow merge them all together). What the safe action is depends upon what the data is or how it was changed.
The most straightforward option is to coin a new server-based session for the user each time the user visits and, at the server, invalidate all previous sessions so any older session that tries to make any future updates to the server will be denied because of an invalid session. This prevents any sort of multi-session data conflict.
If you want to be able to inform the user when their session becomes invalid, you could do a slow poll of the server (say once every 20 mins) as long as the window is open and on your site to check the session validity such that you can inform the user when their session has expired.
Related
I have a page which alters the dom based on user interaction. However, the user might click on a link, which will navigate to an external site. If the user clicks the back button, my page is shown again, but the dom changes do not persist.
What is the best way to keep track of the user interactions so I can rebuild the page on their return?
To maintain state and rebuild the page, I need to keep track of 7-10 variables.
Some ideas I had:
server-side session - would require a callback to the server every time a variable changes value?
client-side cookies - what if the user disables cookies?
hidden form fields - most (all?) browsers locally cache form data, so hitting the back button should retain?
In most cases I'd say the best way to do this, is to represent the page state in the URL.
Here's why:
Because a URL is such a simple concept, this method works regardless of what browser or what privacy settings (e.g. allow cookies and local storage) are used.
If User A would send the URL to User B who would like to see the page in the same state, this would still work. This wouldn't be the case for any of your considered methods.
If the variables you want to keep track of are related to a specific user (or session), it would be wiser to track these in some sort of session. This could be both server- or client-side.
Local or session storage (HTML5 Local storage vs. Session storage) are possible solutions, but have some limitations.
Doesn't work in every browser or browser settings (HTML5 local storage isn't supported in older browsers and I know for instance that running Safari in private mode doesn't allow local storage)
If you would send the link to another user he wouldn't see the page in the same state because he hasn't visited the page before, and his local or session storage hasn't been filled with the correct values.
Try the Session variable:
sessionStorage.setItem('key', { "data": "mad data here" });
then to recall it:
var data = sessionStorage.getItem('key');
You could use jQuery as such upon loading the page:
document.load(function() {
var data = sessionStorage.getItem('key');
if (data) {
data.doStuff();
}
}
I have made a laravel 5.2 app which records transaction of a warehouse .. now my client wants me to give a feature which will prevent his employees from closing the browser.I know it is possible in desktop apps.My client wants to prevent his employees from stealing the money by not saving the transaction. Is there any way i can prevent the user from not being able to close the browser/window or can i record everything if someone closes the browser/tab/window without clicking save button (to catch the criminal :D)
No, you cannot prevent the user from closing the browser from via your web site, neiter from server, nor from client side. Special software installed on the computer may make it possible, but the employer could e.g. simply kill the browser process.
One workaround that would make data loss less likely (though not impossible) would be to automatically save the data every time the user changes anything on the front end, e.g. via XMLHttpRequests.
In any case, you have to ensure in the backend (which is not in the control of the end user), that only complete and valid transactions are being saved and incomplete transactions are discarded. By doing this, the issue you are describing should be completely avoidable.
It is also very simple to check if a transaction was completed or not and who worked on it.
The moment, the employee logs in or starts a new transaction, a flag is set, which indicates an unfinished transaction. This event is also documented in a log. When the transaction is finished correctly, the flag is removed and another logentry is created. If not, there are irregularities visible in the log.
In this way, it is also possible to set a time limit for the duration of an transaction.
I use the localStorage to write and read values from/to controls of HTML forms. Is this object "multiuser proof" i.e. is one concurent user isolated from another user when concurently using the same form ? Since the localStorage is client-side, the answer should be "Yes", but I just wanted to make sure.
I thin since localStorage is client-side, so the answer is "Yes", but
I wanted to make sure.
Yes, localstorage is on the browser.
Browser is a single-threaded and single-user environment.
There is no possibility of concurrency or race condition on a browser.
Each user has its own browser session (by virtue of being in different machines, VM's etc), so nothing is shared on the client side. At a time only one user works on a system (even if the system is shared or has multiple profiles).
So, you can be totally sure that localstorage is totally thread-safe :).
what if the user does multiple logins from the same browser?
In practice, a user will have only one active login session from one browsing session. Even if you have multiple google accounts, only one will be able to login at a time.
You can still prefix the user-id to the key names you use, for example
localStorage.setItem( user_id+"_preferedLocale" , "en");
and fetch for a specific logged in user as
var userLocale = localStorage.getItem( user_id+"_preferedLocale" );
I need to build a feature like most of the banks use. Where..
if user has log in to bank account in a browser tab & again he/she change the url of browser & move to some other site.. and again come to bank's page by clicking browser's BACK button.. then bank automatically log out user from there site.
I think may be by java script we can do this.. but, can not able to understand how to do this. I'm using PHP for my server side script. Is this, possible by PHP to do this..
Regards
Suresh
This not a java/PHP question but depends on the exact behaviour you want to implement.
The only way to track the user "live" is through javascript. So if you want to know when the user leaves the page, you can bind yourself to an event listener and then do an ajax call or something like this that invalidates the session on the serverside. Keep in mind that users may be browsing your site with JS disabled, so you need a fallback on the serverside.
I would recommend you to implement session storage on the serverside with a storage mechanism (either the built-in PHP session store or some external storage like Couchbase or Redis, Memached,...) and set the logout time to a sane default (lower if it is something like a banking application).
If you have the basics in place, use JavaScript to enrich the user experience, for example by showing a "countdown" when the user will be logged out and sending session refresh ajax calls to the server to renew the session every time the user has an interaction with the website and such.
For more detailed information I'd need more requirements from your side!
Is there any way to detect when a user leaves a page, no matter if it's by closing the browser, entering a new URL in the address bar, clicking on a link that redirects to other domain, etc. ?
The main purpose of this would be to perform some activities such as:
sync with the server some data that resides in the client side
clear server session
I was trying with the window's unload and beforeunload events, and reading other questions like:
Best way to detect when a user leaves a web page?
//
Is there any way to know that user leaving a page with asp.net? but I didn't find the answer I would expect.
Here is a simplified js snippet to understand what I was trying:
window.onunload = function(){
if (theConditionThatINeed){
doThings();
SyncWithServerAndAbandonSession(url, localObjects);
}
else {
doNothing();
}
}
I don't want to display any kind of confirmation before the user leaves, so I think that the onbeforeunload won't help me here.
Supposing that the answer is "there is no way to do such thing", what would be the recommended practice to accomplish the synchronization and session clearing that I want?
The primary browser that I support is IE >= 7
As you already read, it is not reliably possible to detect whether the user leaves your page.
Generally it is not good practice to store any unsynced state on the client side. Browsers are easily closed or crashed.
You can send yourself ajax keepalive messages via javascript, in case the user does anything on your page. Again, very unreliable, wasteful and hacky.
Auto-Sync after a short timeout.
Take a look at RESTful web applications. The concept is interesting, and, very superficially spoken, discourages keeping state information on the server. You can apply this to the client as well.
This usually results in keeping state information in the URL. The URL tells the server anything it needs to know to service the request, it should not need a memory (the session) of any previous activity.
I try to only keep the user identification info in the session. I would get rid of this too, but some tools and libs need the user in the session.