Once the user is on my page, I do not want him to refresh the page.
1) Anytime, the user hits F5/refresh button on top. He should get an alert saying "You cannot refresh the page".
2) Also if the user opens a new tab and tries to access the same url in prev tab he should get an alert "You cannot open same page in 2 tabs"
Anyway I can do this using JS/jQuery? Point 1 is really important.
No, there isn't.
I'm pretty sure there is no way to intercept a click on the refresh button from JS, and even if there was, JS can be turned off.
You should probably step back from your X (preventing refreshing) and find a different solution to Y (whatever that might be).
You can't prevent the user from refreshing, nor should you really be trying. You should go back to why you need this solution, what's the root problem here?. Start there and find a different way to go about solving the problem. Perhaps is you elaborated on why you think you need to do this it would help in finding such a solution.
Breaking fundamental browser features is never a good idea, over 99.999999999% of the internet works and refreshes with F5, this is an expectation of the user, one you shouldn't break.
#1 can be implemented via window.onbeforeunload.
For example:
<script type="text/javascript">
window.onbeforeunload = function() {
return "Dude, are you sure you want to leave? Think of the kittens!";
}
</script>
The user will be prompted with the message, and given an option to stay on the page or continue on their way. This is becoming more common. Stack Overflow does this if you try to navigate away from a page while you are typing a post. You can't completely stop the user from reloading, but you can make it sound real scary if they do.
#2 is more or less impossible. Even if you tracked sessions and user logins, you still wouldn't be able to guarantee that you were detecting a second tab correctly. For example, maybe I have one window open, then close it. Now I open a new window. You would likely detect that as a second tab, even though I already closed the first one. Now your user can't access the first window because they closed it, and they can't access the second window because you're denying them.
In fact, my bank's online system tries real hard to do #2, and the situation described above happens all the time. I usually have to wait until the server-side session expires before I can use the banking system again.
A comment to Seth:
Hello Sir,
I think if we can simply keep a session counter which increments when any user opens a particular web page. So, when the first time, when user opens a page, the counter value would be 1. As we have a Javascript at the time of unload, we can decrement the counter by 1 when the user leaves the page.
So, if the user clicks on another tab, the session counter value can be checked and see if it already has value 1, which indirectly means, there has to be a new tab or a new window which has the same webpage open. In that way, you can restrict the user from opening two tabs or windows of the same webpage.
There can be complexions, but I feel there has to be someway out using this method.