Catch the browser close event

rubyonrails-talk
1

Hi everybody,

I'm pretty new in rails so I've been "playing" programming simple app one of the was an app with a login and session management. Up to here, everything is pretty smooth, as rails; but I have a question that I can solve, that's why I'm writing to the group. Is there a way to catch the browser close event? I want it to end the users session, because if the user close the browser and try to sign in, I get the "user already logged" message.

I hope someone can help me! Thanks!

2

well windows do have an onclose event but I'm not sure that an ajax request fired from there would work (the browser might just destroy everything associated with the page at that point). Even then you'd have to deal with browsers crashing, internet connections dropping out etc. so my advice would be to not relying on detecting the end of someone's session and make your login code a bit more flexible.

Fred

3

> I'm pretty new in rails so I've been "playing" programming simple app > one of the was an app with a login and session management. Up to here, > everything is pretty smooth, as rails; but I have a question that I > can solve, that's why I'm writing to the group. Is there a way to > catch the browser close event? I want it to end the users session, > because if the user close the browser and try to sign in, I get the > "user already logged" message.

If the user is already logged in, why not have the session controller redirect them to an appropriate page?

Also, If you want the user's session to end when the browser is closed, just use a session cookie.

SH

4

[..]

If the user is already logged in, why not have the session controller redirect them to an appropriate page?

Since I'm building rails app just for learning proporses this could work, but what happend if this were a real app and another person tries to log-in using the same user-pass, it would allow 2 or more people logged with the same user.

Also, If you want the user's session to end when the browser is closed, just use a session cookie.

I'll check what a session cookie is and write if that worked.

SH

Thanks for the reply!!!

Hiro

5

Since I'm building rails app just for learning proporses this could work, but what happend if this were a real app and another person tries to log-in using the same user-pass, it would allow 2 or more people logged with the same user.

Two different problems.

1) Different people are able to login at the same time with the same username using different PCs. To prevent that you need to write into the database when someone is logged in and have them logout or timeout. 2) Someone on one PC logs in, closes the browser, re-opens the browser and attempts to login again. That is what's giving you a problem in your original post. So do what was recommended and automatically login the user if they still have a valid session.

I'll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you really want to force the user to re-login when they close the browser and then re-open it soon thereafter this is the way to go. But this doesn't at all prevent multiple people from using the same username/ password at the same time.

6

[..]

Two different problems.

You're right, they're two different problems, now I see it more clearly.

1) Different people are able to login at the same time with the same username using different PCs. To prevent that you need to write into the database when someone is logged in and have them logout or timeout.

I'll try that, if I understood I need a sort of flag[in db] that indicates me if a user is connected or not and validate that flag in the login.

2) Someone on one PC logs in, closes the browser, re-opens the browser and attempts to login again. That is what's giving you a problem in your original post. So do what was recommended and automatically login the user if they still have a valid session.

OK, I'll do as recommended!

> I'll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you really want to force the user to re-login when they close the browser and then re-open it soon thereafter this is the way to go. But this doesn't at all prevent multiple people from using the same username/ password at the same time.

I'll try it, too. But I think the point 2 it's a better solution

Thanks for the reply!!!

I'm going to try this new things and write if it worked!

Hiro

7

Hello Hiro,

Is there a way to catch the browser close event?

There is no reliable way to do this.

I want it to end the users session, because if the user close the browser and try to sign in, I get the "user already logged" message.

Do you want closing the browser to end the user's session? Or are you just wanting to avoid the user trying to sign in and getting an error message when they already have a valid session and don't need to sign in? The first is difficult. The second, easy. Let us know.

Best regards, Bill

8

I second Bill.

H

9

[..]

> Do you want closing the browser to end the user's session? Or are you > just wanting to avoid the user trying to sign in and getting an error > message when they already have a valid session and don't need to sign > in? The first is difficult. The second, easy. Let us know.

The first one. Maybe it wasn't clear but I'm doing this app from scratch (trying to learn ruby and rails)... so I can avoid the error message because I wrote it.

I haven't check the cookie session stuff... but if there other options or answers I'll glad to hear (actually read) them.

Thanks!! everyone for the answers!!!

Hiro

10

<html> <head> <title></title> <script language="JavaScript"> <!-- cancel = 0 window.onbeforeunload = bunload; function bunload() {   if( cancel != 1 )   {     dontleave="You must click the submit button below to complete the sharing";     return dontleave;   } } function cancel_bunload() {   cancel = 1; } //--> </script> </head> <body> Please stay on this page! <br><br> <a href="confirm_close.html">A link the user shouldn't click</a> <br><br> <form method="post" action="confirm_close.html"> <input type="submit" name="submit" value="submit" onclick="cancel_bunload()"> </form> </body> </html>

11

window.onbeforeunload = bunload; function bunload()

The beforeunload event is also fired on page refresh & when you browse away from the current page.

Also, what happens if the power goes out on the user's computer?

Really, there's no way to detect a real "browser close" event in a way that works 100% of the time. The closest thing you can do is to have the browser continually ping the server, then detect the absence of that ping. But that would be extreme overkill for this situation.

SH

12

As someone who's used an app with this behavior - just don't do it. Network outages = fail, PC craps out = epic fail. The app in question was even more restrictive - it tracked the IP the user was logged in, and wouldn't permit logins on other IPs. A tech had to manually unlock accounts to get users back online. NOT GOOD.

There's also no reason to ever do this - if a malicious attacker already has a user's login AND password, the game is over. "One session per account" is just going to annoy legitimate users (who forget to logout before going to work, etc.)

--Matt Jones

13

bill walton wrote:

Hello Hiro,

Is there a way to catch the browser close event?

There is no reliable way to do this.

I want it to end the users session, because if the user close the browser and try to sign in, I get the "user already logged" message.

Do you want closing the browser to end the user's session? Or are you just wanting to avoid the user trying to sign in and getting an error message when they already have a valid session and don't need to sign in? The first is difficult. The second, easy. Let us know.

Best regards, Bill

Bill... I'm trying to have the user session expire on a browser close. Is there an easy way of doing that?