By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,949 Members | 1,838 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,949 IT Pros & Developers. It's quick & easy.

Simple force session logout time on leave page

P: n/a
I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.

<frameset rows="*" framespacing="0" border="0"
onunload="unloadLogOut();">
<frame id="fmeSys" name="fmeSys" src="index.php" frameborder="0"
scrolling="auto" />
</frameset>

2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.

<script language="javascript">
function unloadLogOut() {
var xmlHttp;
try {
// Firefox, Opera 8.0 , Safari
xmlHttp = new XMLHttpRequest();
} catch (e) {
// Internet Explorer
try {
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
return false;
}
}
}
xmlHttp.open("GET","logout.php",true);
xmlHttp.send(null);
}
</script>

3. The logout.php script is where you update the logout time and
session_destroy().

mysql_query("UPDATE log SET dt_logout = NOW()
WHERE id_user = $_SESSION[id_user]
AND id = $_SESSION[id_access]");
session_destroy();
Best regards,
Thiago
Oct 13 '08 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Thiago Macedo wrote:
I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.

<frameset rows="*" framespacing="0" border="0"
onunload="unloadLogOut();">
<frame id="fmeSys" name="fmeSys" src="index.php" frameborder="0"
scrolling="auto" />
</frameset>

2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.

<script language="javascript">
function unloadLogOut() {
var xmlHttp;
try {
// Firefox, Opera 8.0 , Safari
xmlHttp = new XMLHttpRequest();
} catch (e) {
// Internet Explorer
try {
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
return false;
}
}
}
xmlHttp.open("GET","logout.php",true);
xmlHttp.send(null);
}
</script>

3. The logout.php script is where you update the logout time and
session_destroy().

mysql_query("UPDATE log SET dt_logout = NOW()
WHERE id_user = $_SESSION[id_user]
AND id = $_SESSION[id_access]");
session_destroy();
Best regards,
Thiago
HTTP is a stateless protocol, and there is no way to tell when someone
leaves your page. And your idea will fail if, for instance, they have
javascript disabled.

Why do you want to force your users to run through hoops, anyway? If
you absolutely need such functionality, use java applets.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 13 '08 #2

P: n/a
>I could not find on the web a complete solution for this task.

You don't control the user's browser, the user does.
>This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
It's thinking like yours that increases the percentage of users
who turn off Javascript.

Oct 13 '08 #3

P: n/a
On Oct 13, 6:50*pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
HTTP is a stateless protocol, and there is no way to tell when someone
leaves your page. *And your idea will fail if, for instance, they have
javascript disabled.
This functionality were implemented on a CMS which needs JS to be
enabled to work properly. So, on those situations it'll work for my
needs.
Why do you want to force your users to run through hoops, anyway?
Completer user login log control. They are not my users, however, and
I agree that this is not a very relevant information. But, by seeing
on the web other people trying to get this acomplished, I decided to
publish it.
If you absolutely need such functionality, use java applets.
I couldn't.
I'm not trying to control the user's browser, I'm just trying to have
the ability to know when he left, simply as the time he arrived.
I have seen this done with popups on unload.. this is annoying. But
using assinc calls I have not seen any problems - YET, IMO
>
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attglobal.net
==================
Oct 14 '08 #4

P: n/a
Thiago Macedo wrote:
On Oct 13, 6:50 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>HTTP is a stateless protocol, and there is no way to tell when someone
leaves your page. And your idea will fail if, for instance, they have
javascript disabled.
This functionality were implemented on a CMS which needs JS to be
enabled to work properly. So, on those situations it'll work for my
needs.
And will lose 5-15% of your potential customers.
>Why do you want to force your users to run through hoops, anyway?
Completer user login log control. They are not my users, however, and
I agree that this is not a very relevant information. But, by seeing
on the web other people trying to get this acomplished, I decided to
publish it.
You can't control user login. And attempting to do so will just lose
you more potential customers.
>If you absolutely need such functionality, use java applets.
I couldn't.
It's the only way to have the control you want.
>
I'm not trying to control the user's browser, I'm just trying to have
the ability to know when he left, simply as the time he arrived.
I have seen this done with popups on unload.. this is annoying. But
using assinc calls I have not seen any problems - YET, IMO
No, you won't see any problems, because you will never see those
potential customers who left.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 14 '08 #5

P: n/a
Thiago Macedo schreef:
I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.

<frameset rows="*" framespacing="0" border="0"
onunload="unloadLogOut();">
<frame id="fmeSys" name="fmeSys" src="index.php" frameborder="0"
scrolling="auto" />
</frameset>

2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.

<script language="javascript">
function unloadLogOut() {
var xmlHttp;
try {
// Firefox, Opera 8.0 , Safari
xmlHttp = new XMLHttpRequest();
} catch (e) {
// Internet Explorer
try {
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
return false;
}
}
}
xmlHttp.open("GET","logout.php",true);
xmlHttp.send(null);
}
</script>

3. The logout.php script is where you update the logout time and
session_destroy().

mysql_query("UPDATE log SET dt_logout = NOW()
WHERE id_user = $_SESSION[id_user]
AND id = $_SESSION[id_access]");
session_destroy();
Best regards,
Thiago
Hi Thiago,

Your server cannot know if the user closes the browser/browser
crashes/etc. without additional technology (like Jerry said: eg Java
applets)

So you cannot know reliably when/if this happens.

A better approach for you logon/logout logging mechanism would be:
1) Write your own sessionhadler.
http://nl3.php.net/manual/en/functio...ve-handler.php

2) When a session is destroyed (by deliberate logging out OR because of
sessiontimeout) simply log the time in your table log.

I have build a few sites that use that approach when I need to close
things when a session is over and the user didn't log out as (s)he is
supposed to.

Regards,
Erwin Moller

--
Oct 14 '08 #6

P: n/a
On Oct 14, 7:55*am, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spam yourself.comwrote:
Thiago Macedo schreef:
I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.
<frameset rows="*" framespacing="0" border="0"
onunload="unloadLogOut();">
* <frame id="fmeSys" name="fmeSys" src="index.php" frameborder="0"
scrolling="auto" />
</frameset>
2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.
<script language="javascript">
function unloadLogOut() {
* * var xmlHttp;
* * try {
* * * * // Firefox, Opera 8.0 , Safari
* * * * xmlHttp = new XMLHttpRequest();
* * } catch (e) {
* * * * // Internet Explorer
* * * * try {
* * * * * * xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
* * * * } catch (e) {
* * * * * * try {
* * * * * * * * xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
* * * * * * } catch (e) {
* * * * * * * * return false;
* * * * * * }
* * * * }
* * }
* * xmlHttp.open("GET","logout.php",true);
* * xmlHttp.send(null);
}
</script>
3. The logout.php script is where you update the logout time and
session_destroy().
mysql_query("UPDATE log SET dt_logout = NOW()
* * * * * * * * * * * *WHERE id_user = $_SESSION[id_user]
* * * * * * * * * * * * *AND id = $_SESSION[id_access]");
session_destroy();
Best regards,
Thiago

Hi Thiago,

Your server cannot know if the user closes the browser/browser
crashes/etc. without additional technology (like Jerry said: eg Java
applets)

So you cannot know reliably when/if this happens.

A better approach for you logon/logout logging mechanism would be:
1) Write your own sessionhadler.http://nl3.php.net/manual/en/functio...ve-handler.php

2) When a session is destroyed (by deliberate logging out OR because of
sessiontimeout) simply log the time in your table log.

I have build a few sites that use that approach when I need to close
things when a session is over and the user didn't log out as (s)he is
supposed to.

Regards,
Erwin Moller

--
Thank you, Jerry and Erwin, for the good replys.
I agree with your approach. A little bit more expensive for me, but
finally do the job.

I understand your appointments, Jerry, but on my case I really need to
do that, and the user won't worry about. But surely, I'll take this on
consideration on more open (public) systems.
Regards,
Thiago
Oct 14 '08 #7

This discussion thread is closed

Replies have been disabled for this discussion.