Simple force session logout time on leave page

**Jerry Stuckle** · Oct 13 '08, 08:55 PM

Re: Simple force session logout time on leave page

Thiago Macedo wrote:

I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
>
>
1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.
>
<frameset rows="*" framespacing="0 " border="0"
onunload="unloa dLogOut();">
<frame id="fmeSys" name="fmeSys" src="index.php" frameborder="0"
scrolling="auto " />
</frameset>
>
2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.
>
<script language="javas cript">
function unloadLogOut() {
var xmlHttp;
try {
// Firefox, Opera 8.0 , Safari
xmlHttp = new XMLHttpRequest( );
} catch (e) {
// Internet Explorer
try {
xmlHttp=new ActiveXObject(" Msxml2.XMLHTTP" );
} catch (e) {
try {
xmlHttp=new ActiveXObject(" Microsoft.XMLHT TP");
} catch (e) {
return false;
}
}
}
xmlHttp.open("G ET","logout.php ",true);
xmlHttp.send(nu ll);
}
</script>
>
3. The logout.php script is where you update the logout time and
session_destroy ().
>
mysql_query("UP DATE log SET dt_logout = NOW()
WHERE id_user = $_SESSION[id_user]
AND id = $_SESSION[id_access]");
session_destroy ();
>
>
Best regards,
Thiago
>

HTTP is a stateless protocol, and there is no way to tell when someone
leaves your page. And your idea will fail if, for instance, they have
javascript disabled.

Why do you want to force your users to run through hoops, anyway? If
you absolutely need such functionality, use java applets.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Gordon Burditt** · Oct 13 '08, 10:45 PM

Re: Simple force session logout time on leave page

>I could not find on the web a complete solution for this task.

You don't control the user's browser, the user does.

>This is not the perfect solution, because it's doesn't have the
>ability to log the logout if browser crash or user leave it open while
>the session time out expires.
>So, any improvement would be apreciated.

It's thinking like yours that increases the percentage of users
who turn off Javascript.

**Thiago Macedo** · Oct 14 '08, 03:55 AM

Re: Simple force session logout time on leave page

On Oct 13, 6:50 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:

HTTP is a stateless protocol, and there is no way to tell when someone
leaves your page. And your idea will fail if, for instance, they have
javascript disabled.

This functionality were implemented on a CMS which needs JS to be
enabled to work properly. So, on those situations it'll work for my
needs.

Why do you want to force your users to run through hoops, anyway?

Completer user login log control. They are not my users, however, and
I agree that this is not a very relevant information. But, by seeing
on the web other people trying to get this acomplished, I decided to
publish it.

If you absolutely need such functionality, use java applets.

I couldn't.

I'm not trying to control the user's browser, I'm just trying to have
the ability to know when he left, simply as the time he arrived.
I have seen this done with popups on unload.. this is annoying. But
using assinc calls I have not seen any problems - YET, IMO

>
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attgl obal.net
=============== ===

**Jerry Stuckle** · Oct 14 '08, 10:45 AM

Re: Simple force session logout time on leave page

Thiago Macedo wrote:

On Oct 13, 6:50 pm, Jerry Stuckle <jstuck...@attg lobal.netwrote:

>HTTP is a stateless protocol, and there is no way to tell when someone
>leaves your page. And your idea will fail if, for instance, they have
>javascript disabled.

This functionality were implemented on a CMS which needs JS to be
enabled to work properly. So, on those situations it'll work for my
needs.
>

And will lose 5-15% of your potential customers.

>Why do you want to force your users to run through hoops, anyway?

Completer user login log control. They are not my users, however, and
I agree that this is not a very relevant information. But, by seeing
on the web other people trying to get this acomplished, I decided to
publish it.
>

You can't control user login. And attempting to do so will just lose
you more potential customers.

>If you absolutely need such functionality, use java applets.

I couldn't.
>

It's the only way to have the control you want.

>
I'm not trying to control the user's browser, I'm just trying to have
the ability to know when he left, simply as the time he arrived.
I have seen this done with popups on unload.. this is annoying. But
using assinc calls I have not seen any problems - YET, IMO
>

No, you won't see any problems, because you will never see those
potential customers who left.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Erwin Moller** · Oct 14 '08, 11:05 AM

Re: Simple force session logout time on leave page

Thiago Macedo schreef:

I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.
>
>
1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.
>
<frameset rows="*" framespacing="0 " border="0"
onunload="unloa dLogOut();">
<frame id="fmeSys" name="fmeSys" src="index.php" frameborder="0"
scrolling="auto " />
</frameset>
>
2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.
>
<script language="javas cript">
function unloadLogOut() {
var xmlHttp;
try {
// Firefox, Opera 8.0 , Safari
xmlHttp = new XMLHttpRequest( );
} catch (e) {
// Internet Explorer
try {
xmlHttp=new ActiveXObject(" Msxml2.XMLHTTP" );
} catch (e) {
try {
xmlHttp=new ActiveXObject(" Microsoft.XMLHT TP");
} catch (e) {
return false;
}
}
}
xmlHttp.open("G ET","logout.php ",true);
xmlHttp.send(nu ll);
}
</script>
>
3. The logout.php script is where you update the logout time and
session_destroy ().
>
mysql_query("UP DATE log SET dt_logout = NOW()
WHERE id_user = $_SESSION[id_user]
AND id = $_SESSION[id_access]");
session_destroy ();
>
>
Best regards,
Thiago

Hi Thiago,

Your server cannot know if the user closes the browser/browser
crashes/etc. without additional technology (like Jerry said: eg Java
applets)

So you cannot know reliably when/if this happens.

A better approach for you logon/logout logging mechanism would be:
1) Write your own sessionhadler.

PHP: session_set_save_handler - Manual

http://nl3.php.net/manual/en/function.session-set-save-handler.php

Sets user-level session storage functions

2) When a session is destroyed (by deliberate logging out OR because of
sessiontimeout) simply log the time in your table log.

I have build a few sites that use that approach when I need to close
things when a session is over and the user didn't log out as (s)he is
supposed to.

Regards,
Erwin Moller

--

**Thiago Macedo** · Oct 14 '08, 07:25 PM

Re: Simple force session logout time on leave page

On Oct 14, 7:55 am, Erwin Moller
<Since_humans_r ead_this_I_am_s pammed_too_m... @spamyourself.c omwrote:

Thiago Macedo schreef:
>
>
>

I could not find on the web a complete solution for this task.
This is not the perfect solution, because it's doesn't have the
ability to log the logout if browser crash or user leave it open while
the session time out expires.
So, any improvement would be apreciated.

>

1. Make the system frameable, by creating a frameset page with an
unique frame - the system. So the user could navigate through the
pages without "leave" the website.

>

>

2. Save this frameset page (default.html). Note the onunload event of
frameset object. It calls the following function.

>

>

3. The logout.php script is where you update the logout time and
session_destroy ().

>

mysql_query("UP DATE log SET dt_logout = NOW()
WHERE id_user = $_SESSION[id_user]
AND id = $_SESSION[id_access]");
session_destroy ();

>

Best regards,
Thiago

>
Hi Thiago,
>
Your server cannot know if the user closes the browser/browser
crashes/etc. without additional technology (like Jerry said: eg Java
applets)
>
So you cannot know reliably when/if this happens.
>
A better approach for you logon/logout logging mechanism would be:
1) Write your own sessionhadler.http://nl3.php.net/manual/en/functio...ve-handler.php
>
2) When a session is destroyed (by deliberate logging out OR because of
sessiontimeout) simply log the time in your table log.
>
I have build a few sites that use that approach when I need to close
things when a session is over and the user didn't log out as (s)he is
supposed to.
>
Regards,
Erwin Moller
>
--

Thank you, Jerry and Erwin, for the good replys.
I agree with your approach. A little bit more expensive for me, but
finally do the job.

I understand your appointments, Jerry, but on my case I really need to
do that, and the user won't worry about. But surely, I'll take this on
consideration on more open (public) systems.

Regards,
Thiago

Simple force session logout time on leave page

Simple force session logout time on leave page

Comment

Comment

Comment

Comment

Comment

Comment