• Post Reply Bookmark Topic Watch Topic
  • New Topic

Session Timeout

 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Since this is related to Session am creating a new thread.

In banks sites we can’t login twice, As soon as we logged in they will insert 1 record in DB and the same user can’t login again, If the user forgot to sign out the session and closed the window directly. How they were identifying that.

I checked few sites, session time out is 10 mins. After logging in I closed the window again I tried to login immediately and it’s worked.. How they were identifying window close.

Please assist us
 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You may do as Gmail do. try to look at they source.

When you are writting an email and want to close the windown without saving it first, they will display a message.
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Hebert..

But Gmail is simply giving a alert on unload event or onbeforeunload event. In case if the user overridded that alert. How to handle that situation ?
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What if they have JavaScript turned off?

What makes you think starting a new thread is going to give you different answers than the first one?

(And I can log in to *my* banks twice just fine. Why? Because it doesn't *MATTER* if I log in twice. How about you just change your login code to handle it appropriately?
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good David... But My banks are not allowing .


Also I like to track the logout time of the users. Is there any other alternative way.. ? without session timeout option.. if so please assist.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Again: what makes you think the answers will be any different in this thread?
 
Sudipta Laha
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
May be onunload they are calling a js function which sends a request to the server to remove the session details from the DB.
 
Meet Gaurav
Ranch Hand
Posts: 492
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I tried this... Submitting a AJAX request on onunload event. But am unable to send the request to server in firefox.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What if JavaScript is turned off? What if their browser crashes? You'd lock me out for the duration of the session timeout because my browser crashed or someone tripped over my computer cord?
 
Sudipta Laha
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yeah, i agree with David, that there are situation when it will not work.
I even have seen sites in which we have to call the customer care for this issue.
JS is one of the possible ways to handle this.

There may be many other ways:

Like if a user login through a new windows, we can end the session in the previous opened window after making a check in the DB with the operation performed by the user in the mean time if any work was done for the previous window( i believe banks will have all datas for audit so a check can be made at server side in your case).

Some background procces can be used to reset the user after certain time if he is inactive.

There may be more possible ways of implementation(which i may not know) and it will differ for site to site. But still believe there will be flaws.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!