Problem when user navigate away from my site.

[satyac46]

Dear friends

 

Please go through this one and think little bit what i am asking.

 

When ever user log in to my site and with out log out he type another url on address bar such as yahoomail.com .And navigate away from my site.From there he used back button to came back to my site. But the user still looks login.

 

What i need is, he should logout when he moves away from my site.

 

Any body can suggest how to achieve this one using javascript or PHP.if possible help with some code.

 

An advanced Thanks for every one

 

 

 

[PHP_PhREEEk]

You can only set a timer to kill the session, cookie, or both. A page refresh on your site resets the timer. There is a tutorial here at PHP Freaks regarding session timers.

 

Basically, a server just sits and listens, it doesn't 'watch'. If it receives a request, it reacts. It has no idea if someone previously sending requests ends up requesting something from another website. It only knows how long it's been since the last request.

 

PhREEEk

[satyac46]

Yes,You said correct.But, is there any way to solve this one through javascript

 

1.on unload to get the typed URL.

2.Or getting the previous URL when user came back to site using javascript.

 

Please consider to set it to all the site.

To logout my user.

 

Thanks for your help

[cooldude832]

the back button in the browser does not initialize a refresh of the page, thus all data will look pretanined, however most likely the session data is gone.  Some sessions will automatically kill on navigation away.

[blueman378]

could you not use a script which checks to see if the users referrer is on your domain, if not it runs the logout script?

 

just a idea

[cooldude832]

you aren't responsible for users who don't "logout" you put the button there to do its job if they dont' hit the button and their account is breached their fault not there.

[fanfavorite]

I don't think it is possible.  You will notice that banks don't even do this, which is something that would be a great security issue and fixed if it were possible. 

 

The way I setup my login information is sessions, the default is usually 20 minutes without activity or if the browser is closed, the sessions are deleted.   

[fanfavorite]

blueman378 I think is the closest solution for what you want.  You could set it in the .htaccess file in the password protected directory to only allow people to navigate to the certain pages if linked through your site.   

[atlanta]

Yea have php check to see if the HTTP_REFFERRER is from your domain if not navigate it to a logout page that clears session data. and redirect to main page.

[cooldude832]

HTTP_REFFER is not considered to be valid in most sense as it can be altered.  However most times if a user opens a new tab/window to your site the session id is altered

[PHP_PhREEEk]

I have no idea why some website owners are so preoccupied with trying to control the User's browse session. The thinking has always been "I want as many customers on my site, and/or logged in as possible", which makes smart business sense. So, if a User runs off to check his gmail or whatever, and then comes back, we would want him to be logged back in! If we force a new login when he only left our site for 2 minutes, he might get PO'd and leave our site COMPLETELY. Losing site Users is not something most webmasters dream of achieving.

 

Luckily, a website has no idea whatsoever that we have left to go check our email, unless we ELECT to logout first.

 

Anyways, quite a bit of energy has been spent trying to accomodate the OP's control issues, but I would like to hear from the OP himself, why exactly this is so mission critical?

 

PhREEEk

[satyac46]

Hi every one

 

Thanks for your approach.But i did not get what i required.

As i have a still some hope on this issue.Because i saw this one in one bank website.but it was done in JSP.I am looking to achieve in php or javascript.As my site is completely done with php.Regarding the above reply what i can say,it is a website corporate website it will be used as tool.

 

Thanks

 

 

[Crew-Portal]

<body onunload="<?php session_destroy(); ?>">

 

Not tested but should work?

[cooldude832]

that will not work gurantee all it will do is session_destroy ONLOAD

and output a body tag of

<body unload"">

[blueman378]

um wouldnt the person then have to keep logging in when they move to a different page on your site?

[Locked]

http://www.osec.doc.gov/webresources/offsite_notification_resources.htm#PopUpConfirmation

 

Have a read at that?

[satyac46]

Yes i want that one also.