Forum: Ruby on Rails Catch the browser close event

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Hiro (Guest)
on 2009-03-02 18:30
(Received via mailing list)
Hi everybody,

I'm pretty new in rails so I've been "playing" programming simple app
one of the was an app with a login and session management. Up to here,
everything is pretty smooth, as rails; but I have a question that I
can solve, that's why I'm writing to the group. Is there a way to
catch the browser close event? I want it to end the users session,
because if the user close the browser and try to sign in, I get the
"user already logged" message.

I hope someone can help me! Thanks!
Frederick C. (Guest)
on 2009-03-02 18:42
(Received via mailing list)
On Mar 2, 4:04 pm, Hiro <removed_email_address@domain.invalid> wrote:
> Hi everybody,
>
> I'm pretty new in rails so I've been "playing" programming simple app
> one of the was an app with a login and session management. Up to here,
> everything is pretty smooth, as rails; but I have a question that I
> can solve, that's why I'm writing to the group. Is there a way to
> catch the browser close event? I want it to end the users session,
> because if the user close the browser and try to sign in, I get the
> "user already logged" message.
>
well windows do have an onclose event but I'm not sure that an ajax
request fired from there would work (the browser might just destroy
everything associated with the page at that point). Even then you'd
have to deal with browsers crashing, internet connections dropping out
etc. so my advice would be to not relying on detecting the end of
someone's session and make your login code a bit more flexible.

Fred
Starr H. (Guest)
on 2009-03-02 19:20
(Received via mailing list)
> > I'm pretty new in rails so I've been "playing" programming simple app
> > one of the was an app with a login and session management. Up to here,
> > everything is pretty smooth, as rails; but I have a question that I
> > can solve, that's why I'm writing to the group. Is there a way to
> > catch the browser close event? I want it to end the users session,
> > because if the user close the browser and try to sign in, I get the
> > "user already logged" message.

If the user is already logged in, why not have the session controller
redirect
them to an appropriate page?

Also, If you want the user's session to end when the browser is closed,
just use
a session cookie.

SH
Hiro (Guest)
on 2009-03-02 22:37
(Received via mailing list)
[..]
>
> If the user is already logged in, why not have the session controller redirect
> them to an appropriate page?

Since I'm building rails app just for learning proporses this could
work, but what happend if this were a real app and another person
tries to log-in using the same user-pass, it would allow 2 or more
people logged with the same user.

> Also, If you want the user's session to end when the browser is closed, just use
> a session cookie.

I'll check what a session cookie is and write if that worked.

> SH

Thanks for the reply!!!

Hiro
psujohn (Guest)
on 2009-03-03 00:09
(Received via mailing list)
> Since I'm building rails app just for learning proporses this could
> work, but what happend if this were a real app and another person
> tries to log-in using the same user-pass, it would allow 2 or more
> people logged with the same user.

Two different problems.

1) Different people are able to login at the same time with the same
username using different PCs. To prevent that you need to write into
the database when someone is logged in and have them logout or
timeout.
2) Someone on one PC logs in, closes the browser, re-opens the browser
and attempts to login again. That is what's giving you a problem in
your original post. So do what was recommended and automatically login
the user if they still have a valid session.

> I'll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you
really want to force the user to re-login when they close the browser
and then re-open it soon thereafter this is the way to go. But this
doesn't at all prevent multiple people from using the same username/
password at the same time.
Robert W. (Guest)
on 2009-03-03 00:49
psujohn wrote:
> A session cookie expires when the user closes their browser. If you
> really want to force the user to re-login when they close the browser
> and then re-open it soon thereafter this is the way to go. But this
> doesn't at all prevent multiple people from using the same username/
> password at the same time.

Doesn't Rails use a session cookie by default. In fact, by default, the
entire session state is stored in a session cookie. It's my
understanding that extra code must be added to maintain a user's session
from one browser launch to the next.

Maybe I'm missing something here?
Hiro (Guest)
on 2009-03-03 00:56
(Received via mailing list)
[..]
>
> Two different problems.

You're right, they're two different problems, now I see it more
clearly.

>
> 1) Different people are able to login at the same time with the same
> username using different PCs. To prevent that you need to write into
> the database when someone is logged in and have them logout or
> timeout.

I'll try that, if I understood I  need a sort of flag[in db] that
indicates me if a user is connected or not and validate that flag in
the login.

> 2) Someone on one PC logs in, closes the browser, re-opens the browser
> and attempts to login again. That is what's giving you a problem in
> your original post. So do what was recommended and automatically login
> the user if they still have a valid session.

OK, I'll do as recommended!

>
> > I'll check what a session cookie is and write if that worked.
>
> A session cookie expires when the user closes their browser. If you
> really want to force the user to re-login when they close the browser
> and then re-open it soon thereafter this is the way to go. But this
> doesn't at all prevent multiple people from using the same username/
> password at the same time.

I'll try it, too. But I think the point 2 it's a better solution

Thanks for the reply!!!

I'm going to try this new things and write if it worked!

Hiro
bill walton (Guest)
on 2009-03-03 04:00
(Received via mailing list)
Hello Hiro,

On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:

> Is there a way to catch the browser close event?

There is no reliable way to do this.

> I want it to end the users session, because if the
> user close the browser and try to sign in, I get the
> "user already logged" message.

Do you want closing the browser to end the user's session?  Or are you
just wanting to avoid the user trying to sign in and getting an error
message when they already have a valid session and don't need to sign
in?  The first is difficult.  The second, easy.  Let us know.

Best regards,
Bill
blasterpal (Guest)
on 2009-03-03 04:04
(Received via mailing list)
I second Bill.

H
Hiro (Guest)
on 2009-03-03 06:18
(Received via mailing list)
[..]

> > Do you want closing the browser to end the user's session?  Or are you
> > just wanting to avoid the user trying to sign in and getting an error
> > message when they already have a valid session and don't need to sign
> > in?  The first is difficult.  The second, easy.  Let us know.

The first one. Maybe it wasn't clear but I'm doing this app from
scratch (trying to learn ruby and rails)... so I can avoid the error
message because I wrote it.

I haven't check the cookie session stuff... but if there other options
or answers I'll glad to hear (actually read) them.

Thanks!! everyone for the answers!!!

Hiro
Greg D. (Guest)
on 2009-03-03 06:36
(Received via mailing list)
On Mon, Mar 2, 2009 at 7:59 PM, bill walton 
<removed_email_address@domain.invalid>
wrote:
>
> Hello Hiro,
>
> On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:
>
>> Is there a way to catch the browser close event?
>
> There is no reliable way to do this.

<html>
<head>
<title></title>
<script language="JavaScript">
<!--
cancel = 0
window.onbeforeunload = bunload;
function bunload()
{
  if( cancel != 1 )
  {
    dontleave="You must click the submit button below to complete the
sharing";
    return dontleave;
  }
}
function cancel_bunload()
{
  cancel = 1;
}
//-->
</script>
</head>
<body>
Please stay on this page!
<br><br>
<a href="confirm_close.html">A link the user shouldn't click</a>
<br><br>
<form method="post" action="confirm_close.html">
<input type="submit" name="submit" value="submit"
onclick="cancel_bunload()">
</form>
</body>
</html>



--
Greg D.
http://destiney.com/
Starr H. (Guest)
on 2009-03-03 16:45
(Received via mailing list)
> window.onbeforeunload = bunload;
> function bunload()

The beforeunload event is also fired on page refresh & when you browse
away from the
current page.

Also, what happens if the power goes out on the user's computer?

Really, there's no way to detect a real "browser close" event in a way
that works 100%
of the time. The closest thing you can do is to have the browser
continually ping the
server, then detect the absence of that ping. But that would be extreme
overkill for
this situation.

SH
Matt J. (Guest)
on 2009-03-03 21:42
(Received via mailing list)
On Mar 2, 5:09 pm, psujohn <removed_email_address@domain.invalid> wrote:
> timeout.
As someone who's used an app with this behavior - just don't do it.
Network
outages = fail, PC craps out = epic fail. The app in question was even
more
restrictive - it tracked the IP the user was logged in, and wouldn't
permit
logins on other IPs. A tech had to manually unlock accounts to get
users
back online. NOT GOOD.

There's also no reason to ever do this - if a malicious attacker
already has a
user's login AND password, the game is over. "One session per account"
is
just going to annoy legitimate users (who forget to logout before
going to work, etc.)

--Matt J.
Harp O. (Guest)
on 2010-04-01 01:09
bill walton wrote:
> Hello Hiro,
>
> On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:
>
>> Is there a way to catch the browser close event?
>
> There is no reliable way to do this.
>
>> I want it to end the users session, because if the
>> user close the browser and try to sign in, I get the
>> "user already logged" message.
>
> Do you want closing the browser to end the user's session?  Or are you
> just wanting to avoid the user trying to sign in and getting an error
> message when they already have a valid session and don't need to sign
> in?  The first is difficult.  The second, easy.  Let us know.
>
> Best regards,
> Bill

Bill...
I'm trying to have the user session expire on a browser close. Is there
an easy way of doing that?
This topic is locked and can not be replied to.