Catch the browser close event

Hi everybody,

I'm pretty new in rails so I've been "playing" programming simple app
one of the was an app with a login and session management. Up to here,
everything is pretty smooth, as rails; but I have a question that I
can solve, that's why I'm writing to the group. Is there a way to
catch the browser close event? I want it to end the users session,
because if the user close the browser and try to sign in, I get the
"user already logged" message.

I hope someone can help me! Thanks!

well windows do have an onclose event but I'm not sure that an ajax
request fired from there would work (the browser might just destroy
everything associated with the page at that point). Even then you'd
have to deal with browsers crashing, internet connections dropping out
etc. so my advice would be to not relying on detecting the end of
someone's session and make your login code a bit more flexible.

Fred

> I'm pretty new in rails so I've been "playing" programming simple app
> one of the was an app with a login and session management. Up to here,
> everything is pretty smooth, as rails; but I have a question that I
> can solve, that's why I'm writing to the group. Is there a way to
> catch the browser close event? I want it to end the users session,
> because if the user close the browser and try to sign in, I get the
> "user already logged" message.

If the user is already logged in, why not have the session controller redirect
them to an appropriate page?

Also, If you want the user's session to end when the browser is closed, just use
a session cookie.

SH

[..]

If the user is already logged in, why not have the session controller redirect
them to an appropriate page?

Since I'm building rails app just for learning proporses this could
work, but what happend if this were a real app and another person
tries to log-in using the same user-pass, it would allow 2 or more
people logged with the same user.

Also, If you want the user's session to end when the browser is closed, just use
a session cookie.

I'll check what a session cookie is and write if that worked.

SH

Thanks for the reply!!!

Hiro

Since I'm building rails app just for learning proporses this could
work, but what happend if this were a real app and another person
tries to log-in using the same user-pass, it would allow 2 or more
people logged with the same user.

Two different problems.

1) Different people are able to login at the same time with the same
username using different PCs. To prevent that you need to write into
the database when someone is logged in and have them logout or
timeout.
2) Someone on one PC logs in, closes the browser, re-opens the browser
and attempts to login again. That is what's giving you a problem in
your original post. So do what was recommended and automatically login
the user if they still have a valid session.

I'll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you
really want to force the user to re-login when they close the browser
and then re-open it soon thereafter this is the way to go. But this
doesn't at all prevent multiple people from using the same username/
password at the same time.

[..]

Two different problems.

You're right, they're two different problems, now I see it more
clearly.

1) Different people are able to login at the same time with the same
username using different PCs. To prevent that you need to write into
the database when someone is logged in and have them logout or
timeout.

I'll try that, if I understood I need a sort of flag[in db] that
indicates me if a user is connected or not and validate that flag in
the login.

2) Someone on one PC logs in, closes the browser, re-opens the browser
and attempts to login again. That is what's giving you a problem in
your original post. So do what was recommended and automatically login
the user if they still have a valid session.

OK, I'll do as recommended!

> I'll check what a session cookie is and write if that worked.

A session cookie expires when the user closes their browser. If you
really want to force the user to re-login when they close the browser
and then re-open it soon thereafter this is the way to go. But this
doesn't at all prevent multiple people from using the same username/
password at the same time.

I'll try it, too. But I think the point 2 it's a better solution

Thanks for the reply!!!

I'm going to try this new things and write if it worked!

Hiro

Hello Hiro,

Is there a way to catch the browser close event?

There is no reliable way to do this.

I want it to end the users session, because if the
user close the browser and try to sign in, I get the
"user already logged" message.

Do you want closing the browser to end the user's session? Or are you
just wanting to avoid the user trying to sign in and getting an error
message when they already have a valid session and don't need to sign
in? The first is difficult. The second, easy. Let us know.

Best regards,
Bill

I second Bill.

H

[..]

> Do you want closing the browser to end the user's session? Or are you
> just wanting to avoid the user trying to sign in and getting an error
> message when they already have a valid session and don't need to sign
> in? The first is difficult. The second, easy. Let us know.

The first one. Maybe it wasn't clear but I'm doing this app from
scratch (trying to learn ruby and rails)... so I can avoid the error
message because I wrote it.

I haven't check the cookie session stuff... but if there other options
or answers I'll glad to hear (actually read) them.

Thanks!! everyone for the answers!!!

Hiro

<html>
<head>
<title></title>
<script language="JavaScript">
<!--
cancel = 0
window.onbeforeunload = bunload;
function bunload()
{
  if( cancel != 1 )
  {
    dontleave="You must click the submit button below to complete the sharing";
    return dontleave;
  }
}
function cancel_bunload()
{
  cancel = 1;
}
//-->
</script>
</head>
<body>
Please stay on this page!
<br><br>
<a href="confirm_close.html">A link the user shouldn't click</a>
<br><br>
<form method="post" action="confirm_close.html">
<input type="submit" name="submit" value="submit" onclick="cancel_bunload()">
</form>
</body>
</html>

window.onbeforeunload = bunload;
function bunload()

The beforeunload event is also fired on page refresh & when you browse away from the
current page.

Also, what happens if the power goes out on the user's computer?

Really, there's no way to detect a real "browser close" event in a way that works 100%
of the time. The closest thing you can do is to have the browser continually ping the
server, then detect the absence of that ping. But that would be extreme overkill for
this situation.

SH

As someone who's used an app with this behavior - just don't do it.
Network
outages = fail, PC craps out = epic fail. The app in question was even
more
restrictive - it tracked the IP the user was logged in, and wouldn't
permit
logins on other IPs. A tech had to manually unlock accounts to get
users
back online. NOT GOOD.

There's also no reason to ever do this - if a malicious attacker
already has a
user's login AND password, the game is over. "One session per account"
is
just going to annoy legitimate users (who forget to logout before
going to work, etc.)

--Matt Jones

bill walton wrote:

Hello Hiro,

Is there a way to catch the browser close event?

There is no reliable way to do this.

I want it to end the users session, because if the
user close the browser and try to sign in, I get the
"user already logged" message.

Do you want closing the browser to end the user's session? Or are you
just wanting to avoid the user trying to sign in and getting an error
message when they already have a valid session and don't need to sign
in? The first is difficult. The second, easy. Let us know.

Best regards,
Bill

Bill...
I'm trying to have the user session expire on a browser close. Is there
an easy way of doing that?