> In the login/logout system I use, I use a timestamp field in the user > accounts DB table, which is updated every request a logged-in user makes. > When they log out, it subtracts the session timeout value (usually 20 > mins) > from the timestamp to enable re-login. Of course, the timestamp field is > used when logging in to prevent two people logging into the same account.
> This all works pretty well, but a client is asking about having the > session > expire when they close a browser. I've seen this covered before, but I've > always noticed people reporting problems with it. Does the whole <body > onunload="window.open('logout.cfm');"> solution work well? What are the > specific problems, if any? > I'm also wondering whether I should upgrade my 'system' to use client > variables stored in a DB. I gather this is a preferred technique and is > more > scaleable. But would it solve any of the above problems? What are the pros > and cons of using client vars in a DB over using session vars? Or am I > comparing apples and oranges? There's actually a really slick solution assuming the application will only support MSIE 5.0+ browsers... <script language="javascript"> window._leaving = true; function tryLogout() { if (window._leaving==true) { window.frames.logout.location.replace("logout.cfm"); } } window.onbeforeunload = new Function("if(window.)"); </script> <body onunload="tryLogout();"> <iframe name="logout" style="display:none;"></iframe> The annoying part of this is that on any given link you have to make sure you set the window._leaving value to false before you go to another page within the application, otherwise the user will get logged out... I have an app which uses this with the top most window being a console that never moves until the user logs out -- everything the user does is inside of more frames, so I only have to worry about the logout portion if I need to reload the top-most window for some reason, which is fairly uncommon. In IE this traps the window unloading and sends the iframe to the logout script prior to moving to a new page from the address bar or from closing the window, etc... And since it's not a popup window, you don't have to worry about popup killers, and it's transparent to the user, which is another bonus :) ... In theory you might be able to get something similar to work in Netscape -- onunload() didn't work for me in IE (it might in netscape I don't know) and onbeforeunload() doesn't exist in Netscape that I'm aware... And of course -- if users have script blocking enabled ( which is easy enough to accomplish -- it's one of the available features in Norton Firewall for instance ), none of this works... :) hth Isaac Dealey Certified Advanced ColdFusion 5 Developer www.turnkey.to 954-776-0046 ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists