Results 1 to 15 of 15

Thread: [2005] Logout user when he closes browser

  1. #1

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    [2005] Logout user when he closes browser

    My application has a logout link which will cleanly log out a user so he can log in again later. If he just closes his browser, the application thinks he is still logged in. I just wanted to make extra sure that I can't run any code when the user closes his browser which would automatically log him out - because closing the browser happens on the client and the server can't know about it. Is this correct? Has anyone devised a slick solution to this limitation? I guess the Logout link is too much trouble for the user to click, or maybe he's just forgetful...

    Thanks.

  2. #2
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    It's bad design to have to code that way. Ideally, you should write your application in a way that can deal with this situation - if the user opens a new window after closing the current one and is still logged in, is that really a big deal?

    Think of Facebook, VBForums, Flickr, etc... the applications work fine even if you return in a new window.

    Having said that, I did once write something for it...

    http://www.vbforums.com/showthread.php?t=391028

  3. #3

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    That's okay. If it's bad design, I don't want to do it. I'll let him stay logged in.

    This is an area of our application that I have spent time on here and there over the past 6 months and I have trouble understanding what the previous developer had in mind. One thing that is happening is there is a user, let's say he logs in with an id "CustomerService". He would forget to logout and want to work at home. So it was designed to let the 2nd login in and knock out the first. This was fine until more employees came on board and started sharing the CustomerService id. (Don't ask me why a second id wasn't created). So Joe would be in, and John would also get in successfully with the same id, and the next time Joe went to a page that wanted to check was he logged in, he wasn't, because Joe had taken it over. So John was kicked out. I'm just trying to fix all this.

  4. #4

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    So mendhak, are you saying that a good management of logins is to just check that user x with password y is defined to my application, and just let him in?

  5. #5
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    Depends on the type of application. Was there a business reason for knocking out the first login from another machine? It makes sense when using MSN Messenger, because you only want one client connected to the server at a time.

    I suppose the question can be rephrased as "If two people are logged in with the same ID at the same time and are performing operations and using the application, will it cause a problem?"

    In most web applications, concurrent access isn't a problem, because of the stateless nature of the web. A request goes out and that's all it is - a request which a page processes.

  6. #6

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    The only reason for the second knocking out the first was that it was assumed the second person was the same person as the first so it logged out the first, but you're right - why couldn't it just have let the same person in from two different places? I dont know anything about MSN Messenger, so I would think if we were using it I would know by now!

    No, I don't believe two (or three) users logged in with the same id would be a problem when they are actually three different physical people, but does it make more sense to give them each their own id? Or, if they are all doing adminstrative functions, does it make sense to have one login, "administrator", that can be on three times?

    And even though it touches out of this forum into Database Development, SQL Server will be okay with three people doing updates and deletes because it was designed as a multi-user dbms? These three people all sit in the same room (when they're not at home!) and I think their jobs are well enough defined that they don't overlap.

    One more thing (and I may be sorry I asked) - why does ASP seem to be able to detect that the browser has closed?

    Thanks.

  7. #7
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    It makes sense to have a username/password for each physical person and assign them to that role. If that's too much to change in the application, then it does make sense to just have a single 'admin' ID that anyone can use concurrently.

    Yes, SQL Server can handle that kind of work, but there may sometimes be problems which occur in some circumstances. For example, Person1 deletes a row and just 1 second later, Person2, who had that row data on his screen, attempts to update it. There will be an error because the row no longer exists. But this hasn't much to do with concurrent logins. This scenario could occur even if two different usernames were logged in.

  8. #8
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    Quote Originally Posted by MMock

    One more thing (and I may be sorry I asked) - why does ASP seem to be able to detect that the browser has closed?
    You'll have to rephrase and explain what you mean. ASP/ASP.NET can't know that a browser has closed.

  9. #9

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    Quote Originally Posted by mendhak
    You'll have to rephrase and explain what you mean. ASP/ASP.NET can't know that a browser has closed.
    This is a line of code in our header.asp file (recall, my application is frame-based, with a menu, a header and a work area).

    Code:
    <BODY TOPMARGIN="1" BGCOLOR="#F0F0F6" ONLOAD="closing=true;" ONUNLOAD="if (closing) window.open('../login/PopUpLogout.asp?usr_ik=<%=Qusr_ik%>','_blank', 'width=240,height=180,toolbar=1,location=1,directories=1,status=0,menuBar=1,scrollBars=1,resizable=1');">
    PopUpLogout is a window with a timer so it is displayed for 2 seconds, says "logging out" and the code updates the database to log out this user even if he X'd out of the browser.

  10. #10
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    That's javascript. The JavaScript is handling the form's unload event, which in turn is opening a new window that loads an ASP page that talks to the database. It's not ASP that knows that the window is closing, it's just loading an ASP page that is doing what it was designed to do - talk to a database. It could have been anything in the popup window, even a rickroll.

  11. #11

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    Okay, but the bottom line is the application (be it whatever it is comprised of - js, asp, etc) knows it is closing, right? Here it is ASP running javascript. Something knows it is being unloaded and gets things rolling to implicitly logout the user who didn't take the time to explicitly logout. Can the same be done in ASP.NET?

  12. #12
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    Yes, you'd replace the PopUpLogout.asp with PopUpLogout.aspx that performs the same function.

  13. #13

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    My difficulty is in how to detect, in .net, that the form/application/browser is closing in order to call the popuplogout?

  14. #14
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] Logout user when he closes browser

    No, that's javascript. You have

    <BODY TOPMARGIN="1" BGCOLOR="#F0F0F6" ONLOAD="closing=true;" ONUNLOAD="if (closing) window.open('../login/PopUpLogout.asp?usr_ik=<%=Qusr_ik%>','_blank', 'width=240,height=180,toolbar=1,location=1,directories=1,status=0,menuBar=1,scrollBars=1,resizable=1 ');">

    onunload is a javascript method that will still work. It's what it's calling that will change.

  15. #15

    Thread Starter
    PowerPoster MMock's Avatar
    Join Date
    Apr 2007
    Location
    My Mustang GT
    Posts
    4,566

    Re: [2005] Logout user when he closes browser

    Oh, right. I guess I am thinking long-term. Right now I am still using asp frames so I still have this file, header.asp, and it needs to be changed to call popupLogout.aspx. Sometime in the (probably more distant than I would like) future, the asp frames will go away and I'll need something else. But I can ask you that detail in a couple years .

    Thanks, mendhak.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width