[thelist] Logout

Lee Kowalkowski lee.kowalkowski at googlemail.com
Tue Oct 2 04:52:41 CDT 2007


On 02/10/2007, Giuseppe Totaro <totaropeppe at yahoo.it> wrote:
> Hi,
>
> maybe this is a problem that haven't a clean solution.
> My customer ask me that web application's user log out when he close your browser (FF and MSIE 7).
> Is it possible handle this problem with JavaScript (We're using JSP)?
>
> Giuseppe

If you're using session cookies for authentication, there shouldn't be
anything to do, as closing the browser (completely) will destroy them.
 Although the tabbed browsing trend means this will happen less.

The only JS events I can think to use would be window.onunload or
onbeforeunload, but these will fire on every navigation away from a
page, (refresh/back/forward/close) etc.

If the majority of your users have a predominant access point i.e.
they tend to always start at the front-page e.g. www.example.com, you
could force a logout there, as long as it's a point they are unlikely
to return to whilst surfing.

You could make it a point they are unlikely to return to by having
www.example.com redirect to www.example.com/welcome and have no links
to www.example.com in your site (go directly to /welcome).

I don't think there's an easy, fail-safe catch-all I'm afraid.

I suppose you could try setting a very short persistent cookie on
unbeforeload, and if the server doesn't receive it, you're logged out.

To keep graceful degradation though you'd perhaps need to also set a
session cookie during onload too (to signal that JS is available), and
the server only logs out if only the first cookie is present.

There's all sorts of things you can play with like that, make your
customer realise the potential cost with respect to complexity and
testing, my first recommendation to the customer would be to not
bother.

-- 
Lee



More information about the thelist mailing list