I've noticed that a lot of sites have the ability to automatically log a user out when they leave the site (navigate to another website or close the browser entirely). Does anyone know how this is done? I'm trying to enhance a web content system I've written to track user actions. The only action that has eluded me so far is logout (unless the user actively clicks the logout link).
Thanks for your help,
Karim
u can use session cookies (cookies that r deleted when the user closes his browser), or u use a js function with the onUnload event handler that opens the logout url in some new window that's closed after the logout was completed (again via js)... maybe a combination is the best technique to set up automatic logout... sorry, i have no code present and just wanted to give u some ideas, pls have a look at js/html docs if u don't know nothin about javascript etc. If u encounter any special problem, post again and somebody will help u...
However, I think there r only a few changes to your php code... u gotta include some code in the page's header (i guess u have some function or file to output it), namely a js function that open a new window with the url of your logout script and add one attrib to the body tag, i.e. <body onUnload="doLogout();" ....> of course if u call the js function onUnload.
In your logout script, insert somethin like this:
<body onLoad="setTimeout('window.close()', 1000);" ....>
this should close the window after one second....
this was written from the top of my head and i guess there might be a few errors inside... so lookup the js functions and if u got a working solution, pls tell me where i can have alook at it...
hth
I got some code to solve your problem... page.html in the attached zip is an example of a page that should support auto logout, logout.html is the file in which u gotta place your logout code... maybe u have to rename the file to .php or whatever, however, also notice & read the html comments in the files.
hth
Thank you very much for this information. I think I misspoke my question, though. My question is not how to force a logout. Rather, I was wondering how a website detects that a user is no longer browsing the site. For example, there are some sites that will tell you how many people are currently online. How does that happen? Is it counting open sessions? Are they somehow associating session IDs with logged in users and intermitantly checking to see if those sessions are still active?
you can set a timeout variable in your session that's set to the timeout value (e.g. 15 min) + the curren time (function time())everytime the user resumes the session (i.e. enters another page)... then u can check whether the session expired (time() > $storedTime) - either usin some cronjob or something similar or by adding some garbage collector function that runs with a probability of 0.01 or so everytime some page is being loaded.
Interesting. A cronjob is out of the question for my purposes, so I would have to wait for the session to be reentered. But then if they don't return I wouldn't know to log them out. Unless I can check the session variables from within different session.
You can't really detect whether a person is logged in or not. If you want to automatically log them out, then you need to use some sort of timeout. For example, if they haven't loaded a page in the last 10 minutes, then they have to log in again. If they leave your site and come back within that time frame, they are still logged in. However, if a user is logged in, gets up to make a sandwich, then comes back, navigates to another page and discovers that he's been logged out, he could get a little peeved. You have to find a timeout value that fits.
As far as closing the browser goes -- if you use a cookie that expires when the the browser is closed, that will solve that issue for you.
You cannot use the unload event, however. Otherwise, every time the user opened a new page within your site, they'd have to log in. That would not be acceptable at any level, obviously.
Something I just thought of, however. You could check to see what domain the user is coming from. If they are coming from your own domain, then they are just loading another page on your site. If they came from somewhere else, force them to log in again. It's not technically a forced logout, and you aren't detecting that they are not on your site. You are detecting that that came FROM somewhere else.
You cannot use the unload event, however. Otherwise, every time the user opened a new page within your site, they'd have to log in. That would not be acceptable at any level, obviously.
That's right, u had to modify every link on your page that points to some other page of your site so that some js var is set which u check before u log out... a little complicated, but it could work.
Something I just thought of, however. You could check to see what domain the user is coming from. If they are coming from your own domain, then they are just loading another page on your site. If they came from somewhere else, force them to log in again. It's not technically a forced logout, and you aren't detecting that they are not on your site. You are detecting that that came FROM somewhere else.
Does not work neither coz the referer is not submitted when the user just types in some url but only if he follows a link... and I guess it's also not sent when u do not leave the domain (i.e. follow some internal link) so im afraid this does not work.
Unless I can check the session variables from within different session.
That's the only solution I see... if u use php's built-in fucntions for session handling, I guess u can set some timeout value in php.ini so that the user's logged out by some gc process (whose probability to start u may also set in php.ini).
Maybe this helps u