Catch the browser close event


#1

Hi everybody,

I’m pretty new in rails so I’ve been “playing” programming simple app
one of the was an app with a login and session management. Up to here,
everything is pretty smooth, as rails; but I have a question that I
can solve, that’s why I’m writing to the group. Is there a way to
catch the browser close event? I want it to end the users session,
because if the user close the browser and try to sign in, I get the
“user already logged” message.

I hope someone can help me! Thanks!


#2

On Mar 2, 4:04 pm, Hiro removed_email_address@domain.invalid wrote:

Hi everybody,

I’m pretty new in rails so I’ve been “playing” programming simple app
one of the was an app with a login and session management. Up to here,
everything is pretty smooth, as rails; but I have a question that I
can solve, that’s why I’m writing to the group. Is there a way to
catch the browser close event? I want it to end the users session,
because if the user close the browser and try to sign in, I get the
“user already logged” message.

well windows do have an onclose event but I’m not sure that an ajax
request fired from there would work (the browser might just destroy
everything associated with the page at that point). Even then you’d
have to deal with browsers crashing, internet connections dropping out
etc. so my advice would be to not relying on detecting the end of
someone’s session and make your login code a bit more flexible.

Fred


#3

I’m pretty new in rails so I’ve been “playing” programming simple app
one of the was an app with a login and session management. Up to here,
everything is pretty smooth, as rails; but I have a question that I
can solve, that’s why I’m writing to the group. Is there a way to
catch the browser close event? I want it to end the users session,
because if the user close the browser and try to sign in, I get the
“user already logged” message.

If the user is already logged in, why not have the session controller
redirect
them to an appropriate page?

Also, If you want the user’s session to end when the browser is closed,
just use
a session cookie.

SH


#4

[…]

If the user is already logged in, why not have the session controller redirect
them to an appropriate page?

Since I’m building rails app just for learning proporses this could
work, but what happend if this were a real app and another person
tries to log-in using the same user-pass, it would allow 2 or more
people logged with the same user.

Also, If you want the user’s session to end when the browser is closed, just use
a session cookie.

I’ll check what a session cookie is and write if that worked.

SH

Thanks for the reply!!!

Hiro


#5

psujohn wrote:

A session cookie expires when the user closes their browser. If you
really want to force the user to re-login when they close the browser
and then re-open it soon thereafter this is the way to go. But this
doesn’t at all prevent multiple people from using the same username/
password at the same time.

Doesn’t Rails use a session cookie by default. In fact, by default, the
entire session state is stored in a session cookie. It’s my
understanding that extra code must be added to maintain a user’s session
from one browser launch to the next.

Maybe I’m missing something here?


#6

[…]

Two different problems.

You’re right, they’re two different problems, now I see it more
clearly.

  1. Different people are able to login at the same time with the same
    username using different PCs. To prevent that you need to write into
    the database when someone is logged in and have them logout or
    timeout.

I’ll try that, if I understood I need a sort of flag[in db] that
indicates me if a user is connected or not and validate that flag in
the login.

  1. Someone on one PC logs in, closes the browser, re-opens the browser
    and attempts to login again. That is what’s giving you a problem in
    your original post. So do what was recommended and automatically login
    the user if they still have a valid session.

OK, I’ll do as recommended!

I’ll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you
really want to force the user to re-login when they close the browser
and then re-open it soon thereafter this is the way to go. But this
doesn’t at all prevent multiple people from using the same username/
password at the same time.

I’ll try it, too. But I think the point 2 it’s a better solution

Thanks for the reply!!!

I’m going to try this new things and write if it worked!

Hiro


#7

Hello Hiro,

On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:

Is there a way to catch the browser close event?

There is no reliable way to do this.

I want it to end the users session, because if the
user close the browser and try to sign in, I get the
“user already logged” message.

Do you want closing the browser to end the user’s session? Or are you
just wanting to avoid the user trying to sign in and getting an error
message when they already have a valid session and don’t need to sign
in? The first is difficult. The second, easy. Let us know.

Best regards,
Bill


#8

I second Bill.

H


#9

Since I’m building rails app just for learning proporses this could
work, but what happend if this were a real app and another person
tries to log-in using the same user-pass, it would allow 2 or more
people logged with the same user.

Two different problems.

  1. Different people are able to login at the same time with the same
    username using different PCs. To prevent that you need to write into
    the database when someone is logged in and have them logout or
    timeout.
  2. Someone on one PC logs in, closes the browser, re-opens the browser
    and attempts to login again. That is what’s giving you a problem in
    your original post. So do what was recommended and automatically login
    the user if they still have a valid session.

I’ll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you
really want to force the user to re-login when they close the browser
and then re-open it soon thereafter this is the way to go. But this
doesn’t at all prevent multiple people from using the same username/
password at the same time.


#10

On Mon, Mar 2, 2009 at 7:59 PM, bill walton removed_email_address@domain.invalid
wrote:

Hello Hiro,

On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:

Is there a way to catch the browser close event?

There is no reliable way to do this.

Please stay on this page!

A link the user shouldn't click


Greg D.
http://destiney.com/


#11

window.onbeforeunload = bunload;
function bunload()

The beforeunload event is also fired on page refresh & when you browse
away from the
current page.

Also, what happens if the power goes out on the user’s computer?

Really, there’s no way to detect a real “browser close” event in a way
that works 100%
of the time. The closest thing you can do is to have the browser
continually ping the
server, then detect the absence of that ping. But that would be extreme
overkill for
this situation.

SH


#12

On Mar 2, 5:09 pm, psujohn removed_email_address@domain.invalid wrote:

timeout.
As someone who’s used an app with this behavior - just don’t do it.
Network
outages = fail, PC craps out = epic fail. The app in question was even
more
restrictive - it tracked the IP the user was logged in, and wouldn’t
permit
logins on other IPs. A tech had to manually unlock accounts to get
users
back online. NOT GOOD.

There’s also no reason to ever do this - if a malicious attacker
already has a
user’s login AND password, the game is over. “One session per account”
is
just going to annoy legitimate users (who forget to logout before
going to work, etc.)

–Matt J.


#13

bill walton wrote:

Hello Hiro,

On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:

Is there a way to catch the browser close event?

There is no reliable way to do this.

I want it to end the users session, because if the
user close the browser and try to sign in, I get the
“user already logged” message.

Do you want closing the browser to end the user’s session? Or are you
just wanting to avoid the user trying to sign in and getting an error
message when they already have a valid session and don’t need to sign
in? The first is difficult. The second, easy. Let us know.

Best regards,
Bill

Bill…
I’m trying to have the user session expire on a browser close. Is there
an easy way of doing that?


#14

[…]

Do you want closing the browser to end the user’s session? Or are you
just wanting to avoid the user trying to sign in and getting an error
message when they already have a valid session and don’t need to sign
in? The first is difficult. The second, easy. Let us know.

The first one. Maybe it wasn’t clear but I’m doing this app from
scratch (trying to learn ruby and rails)… so I can avoid the error
message because I wrote it.

I haven’t check the cookie session stuff… but if there other options
or answers I’ll glad to hear (actually read) them.

Thanks!! everyone for the answers!!!

Hiro