473,320 Members | 1,976 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Need to find-out improper sign-out

Is there any way to run a function or a code-block whenever the client-
server communication breaks off. (ie power-off, browser-crash...)

Why I need this is, I want to update a login-table to trace user's
leave the portal without proper log-off or sign-out.

Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?

Kesavan.M
m.*******@hotmail.com

Mar 3 '07 #1
7 2099
Kesavan wrote:
Is there any way to run a function or a code-block whenever the client-
server communication breaks off. (ie power-off, browser-crash...)

Why I need this is, I want to update a login-table to trace user's
leave the portal without proper log-off or sign-out.

Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?

Kesavan.M
m.*******@hotmail.com
Sorry, HTTP is a stateless protocol. You can tell when a user accesses
your site, but not when he/she leaves.

Best is to use sessions and have a timeout on the session.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Mar 3 '07 #2
>Is there any way to run a function or a code-block whenever the client-
>server communication breaks off. (ie power-off, browser-crash...)
No. The best you can do is time out a session X time from the last
hit. Another kind of "improper sign-out" you won't see is clicking
on an ad and not coming back, clicking on the HOME button, typing
in a URL, etc. Know also that communication doesn't necessarily
stay up during a session. It may disconnect after completing each
page.
>Why I need this is, I want to update a login-table to trace user's
leave the portal without proper log-off or sign-out.
Find something else to need.
>Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?
Why on earth would you need such a thing, besides trying to drive off users?

Mar 3 '07 #3
Rik
Gordon Burditt <go***********@burditt.orgwrote:
>Is there any way to run a function or a code-block whenever the client-
server communication breaks off. (ie power-off, browser-crash...)

No. The best you can do is time out a session X time from the last
hit. Another kind of "improper sign-out" you won't see is clicking
on an ad and not coming back, clicking on the HOME button, typing
in a URL, etc. Know also that communication doesn't necessarily
stay up during a session. It may disconnect after completing each
page.
>Why I need this is, I want to update a login-table to trace user's
leave the portal without proper log-off or sign-out.

Find something else to need.
>Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?

Why on earth would you need such a thing, besides trying to drive off
users?
I'd even go so far as to say: the last one to log in clearly knows the
password, if another one is currently logged in under the same credentials
I log them out instantly. People can get seperate logins a plenty, no
reason to share, and another little security measure to, well, not
prevent, but end a specific session hijack.

--
Rik Wasmus
Mar 3 '07 #4
>>Is there any way to run a function or a code-block whenever the client-
>>server communication breaks off. (ie power-off, browser-crash...)

No. The best you can do is time out a session X time from the last
hit. Another kind of "improper sign-out" you won't see is clicking
on an ad and not coming back, clicking on the HOME button, typing
in a URL, etc. Know also that communication doesn't necessarily
stay up during a session. It may disconnect after completing each
page.
>>Why I need this is, I want to update a login-table to trace user's
leave the portal without proper log-off or sign-out.

Find something else to need.
>>Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?

Why on earth would you need such a thing, besides trying to drive off
users?

I'd even go so far as to say: the last one to log in clearly knows the
password, if another one is currently logged in under the same credentials
I log them out instantly.
I'll agree here: if you *must* insist on one login at a time, kill
the *old* session (which may have just suffered modem disconnectus),
not the *new* one. It also acts to discourage account sharing
(situation: pay site for pr0n or whatever). If you share your
account widely, *all* people trying to use it are likely to get
booted off often. It's harder to implement, though. One thing
that makes it a bit easier is to use a session save handler which
puts session data in a database, thereby making a search for people
logged in under the same account easier.
>People can get seperate logins a plenty, no
reason to share, and another little security measure to, well, not
prevent, but end a specific session hijack.
Depending on the design of the site, there are plenty of reasons
for the same user to try to pull up two different pages from the
site at the same time (for example, to look at two things you might
want and compare features side-by-side to decide which to buy), and
many times it is necessary made to log in twice to do that.

Mar 4 '07 #5
Rik
Gordon Burditt <go***********@burditt.orgwrote:
>>>Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?

Why on earth would you need such a thing, besides trying to drive off
users?

I'd even go so far as to say: the last one to log in clearly knows the
password, if another one is currently logged in under the same
credentials
I log them out instantly.

I'll agree here: if you *must* insist on one login at a time, kill
the *old* session (which may have just suffered modem disconnectus),
not the *new* one. It also acts to discourage account sharing
(situation: pay site for pr0n or whatever). If you share your
account widely, *all* people trying to use it are likely to get
booted off often. It's harder to implement, though. One thing
that makes it a bit easier is to use a session save handler which
puts session data in a database, thereby making a search for people
logged in under the same account easier.
I don't go as far as to use a custom save handler most of the time.
Determining wether a user is logged in is done with the help of a database
query though, where session id's and user id's are saved of the current
'active' users, which also gives a nice oppertunity to check the time of
last activity etc.
>People can get seperate logins a plenty, no
reason to share, and another little security measure to, well, not
prevent, but end a specific session hijack.

Depending on the design of the site, there are plenty of reasons
for the same user to try to pull up two different pages from the
site at the same time (for example, to look at two things you might
want and compare features side-by-side to decide which to buy), and
many times it is necessary made to log in twice to do that.
Normally, no. As long as he's using the same browser, he will have the
same session id, and it will still be considered one user serverside, even
if the requests hit the server at exactly the same moment (which 'never'
happens). If you use different browsers (firefox & MSIE for instance),
then they'll get different id's, simply because they don't use each
hothers cookies. On any normal site, opening a wide variety of pages with
a single login is perfectly possible.
--
Rik Wasmus
Mar 4 '07 #6
>>>>Every time a user at proper sign-in, a flag is set & account is locked
>>>>until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?

Why on earth would you need such a thing, besides trying to drive off
users?

I'd even go so far as to say: the last one to log in clearly knows the
password, if another one is currently logged in under the same
credentials
I log them out instantly.

I'll agree here: if you *must* insist on one login at a time, kill
the *old* session (which may have just suffered modem disconnectus),
not the *new* one. It also acts to discourage account sharing
(situation: pay site for pr0n or whatever). If you share your
account widely, *all* people trying to use it are likely to get
booted off often. It's harder to implement, though. One thing
that makes it a bit easier is to use a session save handler which
puts session data in a database, thereby making a search for people
logged in under the same account easier.

I don't go as far as to use a custom save handler most of the time.
Determining wether a user is logged in is done with the help of a database
query though, where session id's and user id's are saved of the current
'active' users, which also gives a nice oppertunity to check the time of
last activity etc.
Well, I wrote a save handler, and it's turned out to have lots of
uses. Part of the idea is that if you delete the session entry,
the user is logged out as of the next hit. You also get "last hit"
info. And it's useful for debugging. But there are other ways in
the "is he logged in" check to accomplish the same thing.
>>People can get seperate logins a plenty, no
reason to share, and another little security measure to, well, not
prevent, but end a specific session hijack.

Depending on the design of the site, there are plenty of reasons
for the same user to try to pull up two different pages from the
site at the same time (for example, to look at two things you might
want and compare features side-by-side to decide which to buy), and
many times it is necessary made to log in twice to do that.

Normally, no. As long as he's using the same browser, he will have the
same session id, and it will still be considered one user serverside, even
if the requests hit the server at exactly the same moment (which 'never'
happens).
I have been asked quite a few times about problems with this. It
seems some sites use session data for navigation, search parameters,
and options. If you have two browser instances with the same session
ID, they share this data. Browser A searches on "motorcycle".
Browser B searches on "Barbie Dolls". Browser A refines search
with "helmet", and gets back an entry for a Barbie motorcycle outfit
including a helmet, and nothing about a real motorcycle helmet.
These users needed to *FORCE* having two different sessions in order
to do what they wanted to do. I don't remember which sites had this
issue. It wasn't Ebay. But I do recall it being real easy to bid on
or order the wrong thing if you had two browser windows open to
different items.

It seems to me that there was a certain patchlevel of IE6 that made
this worse. Perhaps according to the specs, IE6 was correct, but
it was causing a lot of questions at my ISP.

>If you use different browsers (firefox & MSIE for instance),
then they'll get different id's, simply because they don't use each
hothers cookies. On any normal site, opening a wide variety of pages with
a single login is perfectly possible.

Mar 4 '07 #7
On Mar 4, 5:35 am, gordonb.ku...@burditt.org (Gordon Burditt) wrote:
>>>Every time a user at proper sign-in, a flag is set & account is locked
until he sign-out by updating in the login-table.At sign-out the flag
is released & his account is ready to log-in again.
Is my logic right?
>>Why on earth would you need such a thing, besides trying to drive off
users?
>I'd even go so far as to say: the last one to log in clearly knows the
password, if another one is currently logged in under the same
credentials
I log them out instantly.
I'll agree here: if you *must* insist on one login at a time, kill
the *old* session (which may have just suffered modem disconnectus),
not the *new* one. It also acts to discourage account sharing
(situation: pay site for pr0n or whatever). If you share your
account widely, *all* people trying to use it are likely to get
booted off often. It's harder to implement, though. One thing
that makes it a bit easier is to use a session save handler which
puts session data in a database, thereby making a search for people
logged in under the same account easier.
I don't go as far as to use a custom save handler most of the time.
Determining wether a user is logged in is done with the help of a database
query though, where session id's and user id's are saved of the current
'active' users, which also gives a nice oppertunity to check the time of
last activity etc.

Well, I wrote a save handler, and it's turned out to have lots of
uses. Part of the idea is that if you delete the session entry,
the user is logged out as of the next hit. You also get "last hit"
info. And it's useful for debugging. But there are other ways in
the "is he logged in" check to accomplish the same thing.
>People can get seperate logins a plenty, no
reason to share, and another little security measure to, well, not
prevent, but end a specific session hijack.
Depending on the design of the site, there are plenty of reasons
for the same user to try to pull up two different pages from the
site at the same time (for example, to look at two things you might
want and compare features side-by-side to decide which to buy), and
many times it is necessary made to log in twice to do that.
Normally, no. As long as he's using the same browser, he will have the
same session id, and it will still be considered one user serverside, even
if the requests hit the server at exactly the same moment (which 'never'
happens).

I have been asked quite a few times about problems with this. It
seems some sites use session data for navigation, search parameters,
and options. If you have two browser instances with the same session
ID, they share this data. Browser A searches on "motorcycle".
Browser B searches on "Barbie Dolls". Browser A refines search
with "helmet", and gets back an entry for a Barbie motorcycle outfit
including a helmet, and nothing about a real motorcycle helmet.
These users needed to *FORCE* having two different sessions in order
to do what they wanted to do. I don't remember which sites had this
issue. It wasn't Ebay. But I do recall it being real easy to bid on
or order the wrong thing if you had two browser windows open to
different items.

It seems to me that there was a certain patchlevel of IE6 that made
this worse. Perhaps according to the specs, IE6 was correct, but
it was causing a lot of questions at my ISP.
If you use different browsers (firefox & MSIE for instance),
then they'll get different id's, simply because they don't use each
hothers cookies. On any normal site, opening a wide variety of pages with
a single login is perfectly possible.
Hi all,

it seems the original question has not been answered yet. If yes,
please ignore my mumbling.
Is there any way to run a function or a code-block whenever the client-
server communication breaks off. (ie power-off, browser-crash...)
1) If you write your own session handler you can use the function for
the garbage collection to do this.

2) If you store somewhere (a login log?) if when a user has logged in
and when the user has logged out, you can derive your needed
information from there.

good luck
Martin

------------------------------------------------
online accounting on bash bases
Online Einnahmen-Ausgaben-Rechnung
http://www.ea-geier.at
------------------------------------------------
m2m server software gmbh
http://www.m2m.at


Mar 4 '07 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

9
by: Nathan Rose | last post by:
Here's my problem. I am reading from a text file using this: if (!file_exists($file)) { echo "Don't exist\n"; return false; } $fd = @fopen($file, 'r'); if (!is_resource($fd))
6
by: seansan | last post by:
Hi, Does anyone know how to read the full access version number in visual basic? I need to know if the current program instance is SR-1 or SP-3, etc... I currently use: DB_DAO =...
6
by: ti33m | last post by:
Hi All, I'd like to include a datasheet on my user interface but since I'm starting to run tight on space, I'd like to have a vertically-oriented datasheet (column 1 has labels, column 2 has...
3
by: sandrina | last post by:
Hello everyone, My name is Debi and I am an Administrative assistant with a large company in their sourcing department. I was hired one month ago, and walked in to a HUGE filing nightmare. My...
8
by: Jack Addington | last post by:
I want to scroll through the alphabet in order to scroll some data to the closest name that starts with a letter. If the user hits the H button then it should scroll to the letter closest to H. ...
2
by: Sin | last post by:
Hello everyone, I'm totally stumped at how little info I can find in MSDN or on the web concerning this. It's almost as if only microsoft personel hold the key to these secrets or something!!! ...
1
by: | last post by:
Hi Database Gurus, Not to start a war among fanatics, but I just wanted to get honest opinion/advise of smart folks like you about this. We are about to begin development for a data intensive web...
4
by: georges the man | last post by:
hey guys, i ve been posting for the last week trying to understand some stuff about c and reading but unfortunaly i couldnt do this. i have to write the following code. this will be the last...
0
by: [Cool staff!||Hi! I think this need for || Help me | last post by:
http://con-cern.org/files/2007/5/xenical-21024312.html cheap xenical http://con-cern.org/files/2007/5/auto-21024411.html auto loan refinance ...
2
by: Dotan Cohen | last post by:
I need an application, and I'd like it to be written in Python with QT as I am a KDE user. I simply don't have the time to code it myself, as I've been trying to find the time for half a year now....
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.