I programmed a web site, prepared a login mechanism(via textbox, not Login tools), users want to logout, they click logout button. However, my problem is that if users don't click logout button or close web page or switch another one, How can I understand this situation?
According my mechanism, when users logout ,in DB some insertion and delete operation are making.
I also want to do this with closing page,switch another one.
Thanks.
views:
129answers:
6It sounds like you're doing a DB operation on logout, and when people just navigate away without clicking the logout button, the code doesn't fire.
In your global.asax, take a look at session_end. Maybe you can put your operation in there.
protected void Session_End(Object sender, EventArgs e)
{
// Your code goes here. Since your logout code probably relied on the user being
// logged in, you might end up checking Request.IsAuthenticated here. Why? Because
// this event fires any time a session ends -- even if the user is not logged in!
}
Note that if you use this, it actually fires when the IIS session ends, not when the browser closes. By default the session times out after 20 minutes of inactivity.
Once you implement this, you could have your logout page call Session.Abandon, which will trigger Session_End. That seems clean to me.
Here's an MSDN link with some more details on session events: http://msdn.microsoft.com/en-us/library/ms178583.aspx
I am not entirely sure, but I think one way this is implemented is to not set an expiration on a cookie, which will cause it to be a session cookie that is lost when the browser is closed. Since your session cookie typically contains the session key, then they will essentially be starting a new session when they open up a browser again.
When I make users system, I add to database table with users that are login (something like session) and i gave them timestamp. Every refresh of site I run query to delete users with timestamp older then 30 minutes. This is very easy solution, maybe there is better way.
Session end is probably your best bet as previously mentioned, but if you're paranoid, you can put some javascript/AJAX on your page that pings your server every X seconds to basically say "I'm still here". Then if they leave, instead of waiting the whole 20 minutes or so for the session to end, you can know within X seconds that they've left, since they're not pinging anymore.
might want to check out the events in global.asax. You can update the db with the session_end event. You can also use the beginrequest event which is fired on each page and control (you'll get multiple hits per page if you have multiple controls). You could also put something in your page_load event.
If your session timeout is 20 minutes you will only detect after 20 minutes that the session has ended = the user has left your page. You can detect the session end in the global.asax session_end like Brian describes.
If you want to detect someone leaving your page earlier - say after a minute, you could reduce the session timeout to 1 minute.
The problem is then, if the user doesn't do anything on your page - no post back to the server - his session will timeout despite him still viewing your page.
To get around this you could use a keep alive mechanism. Your Page would call the server regularly in the background as long as the user views your page. This can be done with AJAX Javascript or oher mechanisms like hidden iFrame.
See for example: http://stackoverflow.com/questions/1587449/asp-net-ajax-and-keeping-the-session-alive-what-is-the-standard-way-to-do-it