Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

FAQ Topic - How do I log-out a user when they leave my site? (2010-09-04)

1 view
Skip to first unread message

FAQ server

unread,
Sep 3, 2010, 7:00:03 PM9/3/10
to
-----------------------------------------------------------------------
FAQ Topic - How do I log-out a user when they leave my
site?
-----------------------------------------------------------------------

This cannot be done reliably. Here's why:

*
The user may disable javascript so the log-out script will
never execute.

*
The user may not be on-line when they close your web page.

*
Javascript errors elsewhere in the page may prevent the script
executing.

*
The browser may not support the onunload event, or may not fire
it under certain circumstances, so the log-out function will
not execute.

The URL below has more information.

<URL: http://groups.google.com/groups?selm=BlmZ7.55691%244x4.7344316%40news2-win.server.ntlworld.com>


The complete comp.lang.javascript FAQ is at
http://jibbering.com/faq/

--

The sendings of these daily posts are proficiently hosted
by http://www.pair.com.

Ry Nohryb

unread,
Sep 4, 2010, 4:48:02 AM9/4/10
to
On Sep 4, 1:00 am, "FAQ server" <javascr...@dotinternet.be> wrote:
> -----------------------------------------------------------------------
> FAQ Topic - How do I log-out a user when they leave my
> site?
> -----------------------------------------------------------------------
>
> This cannot be done reliably. Here's why:
>
> *
> The user may disable javascript so the log-out script will
> never execute.
>
> *
> The user may not be on-line when they close your web page.
>
> *
> Javascript errors elsewhere in the page may prevent the script
> executing.
>
> *
> The browser may not support the onunload event, or may not fire
> it under certain circumstances, so the log-out function will
> not execute.
>
> The URL below has more information.
>
> <URL:http://groups.google.com/groups?selm=BlmZ7.55691%244x4.7344316%40news...>

It can be done and very realiably-ly if the web app/page, at an
interval of say e.g. 2 minutes, sends to the server "I'm still alive
and kicking" requests, so that the server can take the proper
action(s) wrt that session id.
--
Jorge.

Garrett Smith

unread,
Sep 5, 2010, 1:19:00 AM9/5/10
to
On 2010-09-04 01:48 AM, Ry Nohryb wrote:
> On Sep 4, 1:00 am, "FAQ server"<javascr...@dotinternet.be> wrote:
>> -----------------------------------------------------------------------
>> FAQ Topic - How do I log-out a user when they leave my
>> site?
>> -----------------------------------------------------------------------
[...]

> It can be done and very realiably-ly if the web app/page, at an
> interval of say e.g. 2 minutes, sends to the server "I'm still alive
> and kicking" requests, so that the server can take the proper
> action(s) wrt that session id.

Well, you could do that, but what if the connection is dropped?

Sometimes, and more often on a laptop, the wireless connection drops or
the network cable comes unplugged.

The user may still be at the site, but if the connection is dropped,
then using that strategy, he could be logged off. That would be annoying
for the user; especially if he had just completed a complicated form.
--
Garrett

Ry Nohryb

unread,
Sep 5, 2010, 4:57:24 AM9/5/10
to

No connection would mean no forms sending either. In any case, a well
done app could allow the current session to be restored instead of
restarted.
--
Jorge.

RobG

unread,
Sep 5, 2010, 7:47:18 PM9/5/10
to

But it has nothing to do with logging off a user *when they leave the
site*. It is a client-initiated polling strategy, which is a poor
substitute for the server using a standard session timeout of say 5 to
20 minutes combined with a logout button that really does log them out
and training users to use it.

Mobile devices in particular can loose and regain connections
frequently. Having to log in again because a connection drop out
coincided with a polling request is very annoying as the user has no
control over either event and they are logged out for no good reason.
If users are aware of session auto-logout times, they become pretty
adept at keeping their session alive by sending trivial requests (e.g.
refresh the page). One application I worked on had an alert in the
page to tell users they had less than 5 minutes of their 20 minute
session remaining, they seem to like it.

All of which does not directly address the issue of logging out users
*when they leave the site* because that is inherently unreliable and
not necessarily a suitable criterion for ending a session.

The real issue is dealing with idle sessions that may no longer be
required for a variety of reasons, one of which is that the user has
navigated to some other site and no longer needs their session.


--
Rob

Ry Nohryb

unread,
Sep 7, 2010, 4:09:36 AM9/7/10
to
On Sep 6, 1:47 am, RobG <rg...@iinet.net.au> wrote:
> On Sep 4, 6:48 pm, Ry Nohryb <jo...@jorgechamorro.com> wrote:
>
> > It can be done and very realiably-ly if the web app/page, at an
> > interval of say e.g. 2 minutes, sends to the server "I'm still alive
> > and kicking" requests, so that the server can take the proper
> > action(s) wrt that session id.
>
> But it has nothing to do with logging off a user *when they leave the
> site*.

When a user leaves the site these heartbeat pings would stop arriving
at the server.

> It is a client-initiated polling strategy, which is a poor
> substitute for the server using a standard session timeout of say 5 to
> 20 minutes

What I said is not intended to replace anything, it's just one more
bit of information to help the server :

<quote>


take the proper action(s) wrt that session id

</quote>

> combined with a logout button that really does log them out
> and training users to use it.
>
> Mobile devices in particular can loose and regain connections
> frequently. Having to log in again because a connection drop out
> coincided with a polling request is very annoying as the user has no
> control over either event and they are logged out for no good reason.
> If users are aware of session auto-logout times, they become pretty
> adept at keeping their session alive by sending trivial requests (e.g.
> refresh the page). One application I worked on had an alert in the
> page to tell users they had less than 5 minutes of their 20 minute
> session remaining, they seem to like it.

As long as I have a page open intentionally, I'd wish no to be be
disturbed every 20 min with any alert that says "click here now or
I'll kill your session". But that's me.

Instead, I'd understand that if I turn off the iPhone, or close the
laptop's lid for too long, I *might* be disconnected. But for that
well done apps provide session re-connection/resume/restore
capabilities, which is !== a mere session cold-reset/restart.

> All of which does not directly address the issue of logging out users
> *when they leave the site* because that is inherently unreliable and
> not necessarily a suitable criterion for ending a session.

I think I agree. It depends on what does that "that" refer to.

> The real issue is dealing with idle sessions that may no longer be
> required for a variety of reasons, one of which is that the user has
> navigated to some other site and no longer needs their session.

Many sites have a checkbox that says "I'm using my own private
computer", to help the server choose a more proper strategy wrt this:
sessions can/should be much more "sticky" when you're connecting from
your own machine.
--
Jorge.

0 new messages