> In the login/logout system I use, I use a timestamp field in the user
> accounts DB table, which is updated every request a logged-in user makes.
> When they log out, it subtracts the session timeout value (usually 20
> mins)
> from the timestamp to enable re-login. Of course, the timestamp field is
> used when logging in to prevent two people logging into the same account.
> This all works pretty well, but a client is asking about having the
> session
> expire when they close a browser. I've seen this covered before, but I've
> always noticed people reporting problems with it. Does the whole <body
> onunload="window.open('logout.cfm');"> solution work well? What are the
> specific problems, if any?
> I'm also wondering whether I should upgrade my 'system' to use client
> variables stored in a DB. I gather this is a preferred technique and is
> more
> scaleable. But would it solve any of the above problems? What are the pros
> and cons of using client vars in a DB over using session vars? Or am I
> comparing apples and oranges?
There's actually a really slick solution assuming the application will only
support MSIE 5.0+ browsers...
<script language="javascript">
window._leaving = true;
function tryLogout() {
if (window._leaving==true) {
window.frames.logout.location.replace("logout.cfm");
}
}
window.onbeforeunload = new Function("if(window.)");
</script>
<body onunload="tryLogout();">
<iframe name="logout" style="display:none;"></iframe>
The annoying part of this is that on any given link you have to make sure
you set the window._leaving value to false before you go to another page
within the application, otherwise the user will get logged out... I have an
app which uses this with the top most window being a console that never
moves until the user logs out -- everything the user does is inside of more
frames, so I only have to worry about the logout portion if I need to reload
the top-most window for some reason, which is fairly uncommon.
In IE this traps the window unloading and sends the iframe to the logout
script prior to moving to a new page from the address bar or from closing
the window, etc... And since it's not a popup window, you don't have to
worry about popup killers, and it's transparent to the user, which is
another bonus :) ... In theory you might be able to get something similar to
work in Netscape -- onunload() didn't work for me in IE (it might in
netscape I don't know) and onbeforeunload() doesn't exist in Netscape that
I'm aware...
And of course -- if users have script blocking enabled ( which is easy
enough to accomplish -- it's one of the available features in Norton
Firewall for instance ), none of this works... :)
hth
Isaac Dealey
Certified Advanced ColdFusion 5 Developer
www.turnkey.to
954-776-0046
______________________________________________________________________
Your ad could be here. Monies from ads go to support these lists and provide more
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
