tags:

views:

195

answers:

5

I have a web chat application and we are using jQuery. When a user is idle or doesn't hit the browser in say, 15 minutes, then it should automatically destroy the session of that particular user and redirect him to the login page. How would I do this?

+2  A: 

What language are you using serverside?

The session should be destroyed with whatever language you're using serverside...

But let me give me an example of a possible flow for your application.

  • The user logs in and a session with a specific expiration is created (20 min is default in php)
  • With every request you can check if your session data or certain flag is still present
  • If not, redirect to login page

As stated in an answer below, yes you can destroy a cookie or session clientside but i would not rely on it, javascript isn't always available. You have to leave it to the server to destroy a session and clean up all the data. You would have to figure out how the session cookie looks like anyway be learning what technology you use...

But to be clear, please provide more information about the used technology and maybe then i can give you a proper answer.

Sander Versluys
A: 

You can use AJAX to point to the logout page which redirects to the login page, when the mouse doesn't move for 15 minutes

Time Machine
i would not rely on javascript for such functionality... i know he's asking for it, but it not recommended
Sander Versluys
+1  A: 

You need to destroy cookie - there is plugin

for example in java most of the time its cookie named "JSESSIONID"

you need to see what cookies are made by website and kill the one with session info.

01
A: 

Your server should be tracking session lifetime, not the browser. All the browser has is a cookie that references a session ID (or something similar).

Yes, if you were to destroy the cookie or the session ID within the cookie, the user would appear to be logged off the next time they contacted the server. However, depending on a browser for session management is a great way to get inconsistent results.

The session exists on your server, the client only references it. You must manage it on your server for it to be reliable. For example, save the timestamp for "lastContactTimestamp" within the session. When the client makes a request, check that the current timestamp isn't greater than 15 minutes past the "lastContactTimestamp." If it is, redirect the client to log back in. If it is not, update "lastContactTimestamp" to the current timestamp and then serve up the client's request.

tyriker
A: 

Use a meta refresh redirect, this will auto redirect the browser to somelogOutUrl in 900 seconds. This assumes you will be refreshing the page in that time. If your applciation uses mainly ajax calls for new content and full page refreshes are seldom then you will need another option.

<meta http-equiv="refresh" content="900;url=somelogOutUrl">
redsquare

related questions