How to detect user leaving site?

sebastian schreef:

Can this be done without client-side scripting? I thought sessions
might be the answer but after some testing found that sometimes the
old session data remained even after the user left the site and
returned. Just had an idea, though. Perhaps I could access the users
Referrer header?

Hi Sebastian,

I think you cannot detect this without JavaScript.
If somebody goes somewhere else, your server is not notified.
You can only try this via JavaScript.

Referer:
And I don't see how the Referer header can help you out.
It is send to the next site (if send at all).

Session:
No go either.
A Session is nothing more than a piece of data on the server that is
linked to a certain visitor via a PHPSESSID (via cookie/url/form).
I don't see how they can help you with this.

So bottomline, bad luck.
You need JavaScript (or some other clientside technology, like an JAVA
applet).

Regards,
Erwin Moller

Erwin Moller wrote:

sebastian schreef:

>Can this be done without client-side scripting? I thought sessions
might be the answer but after some testing found that sometimes the
old session data remained even after the user left the site and
returned. Just had an idea, though. Perhaps I could access the users
Referrer header?

Hi Sebastian,

I think you cannot detect this without JavaScript.
If somebody goes somewhere else, your server is not notified.
You can only try this via JavaScript.

Referer:
And I don't see how the Referer header can help you out.
It is send to the next site (if send at all).

Session:
No go either.
A Session is nothing more than a piece of data on the server that is
linked to a certain visitor via a PHPSESSID (via cookie/url/form).
I don't see how they can help you with this.

So bottomline, bad luck.
You need JavaScript (or some other clientside technology, like an JAVA
applet).

Correct me if I'm wrong, but if user left his site, and then returned
refer would point to the other site. So detecting refer value could
possibly help the problem.

@Sebastian
Refer it's send by the user, so can't be trusted. You can use it
to improve the functionality of the site, but don't use it to any
critical checks (like access controll ect.).

It's also possible, that refer will be empty, when user types in the url
or opens new window in 'new tab' (not sure about that though).

best regards
Piotr N

Erwin Moller wrote:

sebastian schreef:

>Can this be done without client-side scripting? I thought sessions
might be the answer but after some testing found that sometimes the
old session data remained even after the user left the site and
returned. Just had an idea, though. Perhaps I could access the users
Referrer header?

Hi Sebastian,

I think you cannot detect this without JavaScript.
If somebody goes somewhere else, your server is not notified.
You can only try this via JavaScript.

Referer:
And I don't see how the Referer header can help you out.
It is send to the next site (if send at all).

Session:
No go either.
A Session is nothing more than a piece of data on the server that is
linked to a certain visitor via a PHPSESSID (via cookie/url/form).
I don't see how they can help you with this.

So bottomline, bad luck.
You need JavaScript (or some other clientside technology, like an JAVA
applet).

Regards,
Erwin Moller

And even Javascript doesn't necessarily tell you. Closing the browser,
for instance, will not execute javascript.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Regards,

Erwin Moller

Something tells me that you are not, in fact, Erwin Moller. If not,
please do not reply to my posts. The fact that you would masquarade as
another user is ridiculous. Pitiful.

- Sebastian

sebastian wrote:

>Regards,
Erwin Moller

Something tells me that you are not, in fact, Erwin Moller. If not,
please do not reply to my posts. The fact that you would masquarade as
another user is ridiculous. Pitiful.

- Sebastian

^^

That kinda made my day :)

best regards
Piotr N

In our last episode,
<e8**********************************@b1g2000hsg.g ooglegroups.com>, the
lovely and talented sebastian broadcast on comp.lang.php:

Can this be done without client-side scripting?

No.

Unless someone develops a psychic server.

--
Lars Eighner <http://larseighner.com/us****@larseighner.com
Countdown: 256 days to go.

sebastian wrote:

>Regards,
Erwin Moller

Something tells me that you are not, in fact, Erwin Moller. If not,
please do not reply to my posts. The fact that you would masquarade as
another user is ridiculous. Pitiful.

- Sebastian

That is the real Erwin Moller.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

>That is the real Erwin Moller.

Ok, thanks for the clarification. The email address just looked
suspicious. =)

>Correct me if I'm wrong, but if user left his site, and then returned

refer would point to the other site. So detecting refer value could
possibly help the problem.

Great, I'll try that out then.

>Refer it's send by the user, so can't be trusted. You can use it

to improve the functionality of the site, but don't use it to any
critical checks (like access controll ect.).

It's just to display a welcome message, so no problem there.

>It's also possible, that refer will be empty, when user types in the url

or opens new window in 'new tab' (not sure about that though).

Right. Well, thanks for all of the suggestions.

Regards,
- Sebastian

sebastian wrote:

>>Correct me if I'm wrong, but if user left his site, and then returned

refer would point to the other site. So detecting refer value could
possibly help the problem.

Great, I'll try that out then.

Just to make sure we talk about the same. Refer header will contain the
other site url, if users comes from other site. If he hits back button
it won't work. Only with links.

best regards
Piotr N

Yes, of course. Again, this isn't a very critical feature - it just
needs to work for the standard case. Thank you for the input.

- Sebastian

sebastian wrote:

>>That is the real Erwin Moller.

Ok, thanks for the clarification. The email address just looked
suspicious. =)

>>Correct me if I'm wrong, but if user left his site, and then returned

refer would point to the other site. So detecting refer value could
possibly help the problem.

Great, I'll try that out then.

Only works if 1) he comes back to your site, and 2) his browser and
firewall are correctly reporting the HTTP_REFERER. It will fail for
those who do not forward HTTP_REFERER.

>>Refer it's send by the user, so can't be trusted. You can use it

to improve the functionality of the site, but don't use it to any
critical checks (like access controll ect.).

It's just to display a welcome message, so no problem there.

>>It's also possible, that refer will be empty, when user types in the url

or opens new window in 'new tab' (not sure about that though).

Right. Well, thanks for all of the suggestions.

Regards,
- Sebastian

I'd just display the welcome message on your home page. People are used
to it by now.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

sebastian schreef:

>Regards,
Erwin Moller

Something tells me that you are not, in fact, Erwin Moller. If not,
please do not reply to my posts. The fact that you would masquarade as
another user is ridiculous. Pitiful.

- Sebastian

Hi Sebastian,

Was my answer so darn stupid that you confused me with that
imposternoob? And yes, masquarading as another user is totally stupid.
I still have no clue why that happened, but the guy seems away now.
I hope it stays that way.

Anyway, to the original subject: I still fail to see the use of using
the referer header.

For clearity's sake, this is what I found from w3c.

from http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

14.36 Referer

The Referer[sic] request-header field allows the client to specify, for
the server's benefit, the address (URI) of the resource from which the
Request-URI was obtained (the "referrer", although the header field is
misspelled.) The Referer request-header allows a server to generate
lists of back-links to resources for interest, logging, optimized
caching, etc. It also allows obsolete or mistyped links to be traced for
maintenance. The Referer field MUST NOT be sent if the Request-URI was
obtained from a source that does not have its own URI, such as input
from the user keyboard.

Referer = "Referer" ":" ( absoluteURI | relativeURI )

Example:

Referer: http://www.w3.org/hypertext/DataSources/Overview.html

So what is IN the referer header?
(If it is set by the browser, and not stripped by some router as Jerry
already warned for)
Well, nothing more that the URI of the page that contained the url you
are visiting now.
IF that URL is on another site (domain), the fact that it is clicked
will never reach the original server.

So I still don't see how this can be used to detect that a user is
leaving your site. Yes, of course the second server can see it, when the
right referer header is sent, but NOT the server of the OP.

Or am I missing something completely here?

Regards,
Erwin Moller

PS: I read the only goal of this exercise was to say 'welcome back'. A
simple cookie might make more sense to do that.

Piotr schreef:

Erwin Moller wrote:

>sebastian schreef:

>>Can this be done without client-side scripting? I thought sessions
might be the answer but after some testing found that sometimes the
old session data remained even after the user left the site and
returned. Just had an idea, though. Perhaps I could access the users
Referrer header?

Hi Sebastian,

I think you cannot detect this without JavaScript.
If somebody goes somewhere else, your server is not notified.
You can only try this via JavaScript.

Referer:
And I don't see how the Referer header can help you out.
It is send to the next site (if send at all).

Session:
No go either.
A Session is nothing more than a piece of data on the server that is
linked to a certain visitor via a PHPSESSID (via cookie/url/form).
I don't see how they can help you with this.

So bottomline, bad luck.
You need JavaScript (or some other clientside technology, like an JAVA
applet).

Correct me if I'm wrong, but if user left his site, and then returned
refer would point to the other site. So detecting refer value could
possibly help the problem.

Hi Piotr,

I think you are wrong. ;-)
Or I miss something completely in this discussion.

Please check the answer I wrote to Sebastian for details.
And, of course, feel free to correct me/explain to me how to use the
referer header in a usefull way to detect a user leaving the site. I
still don't see how.

Regards,
Erwin Moller

>
@Sebastian
Refer it's send by the user, so can't be trusted. You can use it
to improve the functionality of the site, but don't use it to any
critical checks (like access controll ect.).

It's also possible, that refer will be empty, when user types in the url
or opens new window in 'new tab' (not sure about that though).

best regards
Piotr N

Erwin Moller wrote:

>>>after the user left the site and
returned.

I think you are wrong. ;-)
Or I miss something completely in this discussion.

Part refer is useful, is the moment when user *returns*.
Not when he's leaving. I believe that Sebastian wants to detect
*returning* clients (so he wont display welcome to them), not leaving ones.

If Sebastian sees that the users was on his site recently (session is
already there), but the refer does not point to his site, then he can
guess, that the user was on a site X and from the site X returned to his
site.

Ofc, you need to assume that session is stored in cookies, users accepts
and keep them, and that he returns by clicking on link.
But as for such trivial thing, as hiding welcome message, you can do so,
without risking it will spoil browsing experience for anyone.

best regards
Piotr N

Piotr schreef:

Erwin Moller wrote:

>>>after the user left the site and
returned.

>I think you are wrong. ;-)
Or I miss something completely in this discussion.

Part refer is useful, is the moment when user *returns*.
Not when he's leaving. I believe that Sebastian wants to detect
*returning* clients (so he wont display welcome to them), not leaving ones.

If Sebastian sees that the users was on his site recently (session is
already there), but the refer does not point to his site, then he can
guess, that the user was on a site X and from the site X returned to his
site.

Ofc, you need to assume that session is stored in cookies, users accepts
and keep them, and that he returns by clicking on link.
But as for such trivial thing, as hiding welcome message, you can do so,
without risking it will spoil browsing experience for anyone.

best regards
Piotr N

Hi Piotr,

All clear, I see now what you ment earlier.
I was focussed on the 'detecting leaving the site' part of the question.

Regards,
Erwin Moller

On 9 May, 12:05, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spam yourself.comwrote:

Piotr schreef:

Erwin Moller wrote:

>>>after the user left the site and
returned.

I think you are wrong. ;-)
Or I miss something completely in this discussion.

Part refer is useful, is the moment when user *returns*.
Not when he's leaving. I believe that Sebastian wants to detect
*returning* clients (so he wont display welcome to them), not leaving ones.

If Sebastian sees that the users was on his site recently (session is
already there), but the refer does not point to his site, then he can
guess, that the user was on a site X and from the site X returned to his
site.

Ofc, you need to assume that session is stored in cookies, users accepts
and keep them, and that he returns by clicking on link.
But as for such trivial thing, as hiding welcome message, you can do so,
without risking it will spoil browsing experience for anyone.

best regards
Piotr N

Hi Piotr,

All clear, I see now what you ment earlier.
I was focussed on the 'detecting leaving the site' part of the question.

Regards,
Erwin Moller

....but getting back to the original post:

after some testing found that sometimes the
old session data remained even after the user left the site and
returned

Maybe - it depends on your definition of 'left the site'.

Sessions work by getting reaped when they've not been active for a
while (or when you explicitly destroy them in your code). OTOH the
session cookie will be retained for as long as the browser session is
active.

How you go about addressing your problem depends on what you are
trying to achieve:

e.g. if you want to see how users get in your site before abandoning
it, then the best solution might be to write your own session handler
which also logs the current URL then migrate this data to a log when
the session is reaped.

If you merely wish the sessions to expire quicker then adjust the
session.gc_ parameters

C.

I'll need to do some more testing, but just running a quick
preliminary test I found the Referer header never contained anything
*unless* the user was navigating within the site. Could be the
firewall? Anyway, this is just as well - as long as it doesn't point
to our site then I'll display the greeting. Thanks again everyone.

Cheers,
- Sebastian

sebastian wrote:

I'll need to do some more testing, but just running a quick
preliminary test I found the Referer header never contained anything
*unless* the user was navigating within the site. Could be the
firewall? Anyway, this is just as well - as long as it doesn't point
to our site then I'll display the greeting. Thanks again everyone.

Cheers,
- Sebastian

On YOUR system, with your browser and your firewall. Other combinations
work differently.

HTTP_REFERER should NEVER bet trusted.

The bottom line is - whether you want to believe it or not, HTTP is a
stateless protocol. There is no way you can reliably tell if someone
has left and returned to your site.

Others have told you that, also. It's time you to understand it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================