Logging Off

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Gram
    #1

    Logging Off

    Hello, Can anoyone help me with the following:

    I have a application online using ASP in which users log in and log out.
    However, a lot of users simply close the window, bypassing my log-out
    script. I have tried using the Javascript onUnload function with success,but
    refreshing the screen also triggers this at the wrong time, Has anyone got
    any suggestions?

    Thanks in advance,

    Gram


    Tags: None
    • Richard Cornford
      #2
      Re: Logging Off

      "Gram" <gram3000@hotma il.com> wrote in message
      news:r8XBb.344$ HR.977@news.ind igo.ie...[color=blue]
      >I have a application online using ASP in which users log in and
      >log out. However, a lot of users simply close the window,
      >bypassing my log-out script. I have tried using the Javascript
      >onUnload function with success,but refreshing the screen also
      >triggers this at the wrong time, Has anyone got any suggestions?[/color]

      HTTP works with requests and responses to requests but the receipt of
      one request from a user (to log-on or whatever) does not imply anything
      about the user's desire, willingness or ability to make future requests.
      You can make people log-on but you cannot *need* them to log-off because
      under some circumstances they just may not be able to (even if willing),
      power cuts, failures in telephone networks, OS crashes, miscellaneous
      hardware failure, etc, etc. And client-side scripting is not going to
      help at all as under many of these conditions it is just as incapable of
      connecting to your server as the user would be.

      It does not make sense to be logging people on without maintaining a
      serve-side session for each user, exploiting the facilities built-in to
      most server side scripting and application server systems. If unused for
      more than a configurable period of time server-side sessions "time out"
      and are destroyed automatically, but another feature built-in is the
      ability to run code in response to the timing out of the server-side
      session. And so, if the user has not logged themselves out when the
      session times out (as should always be the case because active logging
      out by the user should destroy the users session to save server
      resources) the code that is run in response to the time out is in a
      position to do any logging out and/or server-side cleanup that may be
      required.

      By all means provide the user with a mechanism to log themselves out,
      request that they use it and log them out immediately if they do, but
      never *need* them to log out because often they won't and sometimes they
      cannot (and neither can any client side code). To write an application
      that _requires_ that the user actively logs out is to write an
      application that is not suitable for use over HTTP.

      Richard.


        Comment

        Previous template Next
        Working...