• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 640
  • Last Modified:

detecting idle session or closed window

Hi Experts,

I would like to know how to determine when a session is idle for a period of time (so I can kill their idle connection) or a user has closed the browser (without logging out first).  My website is using asp with vbscript and has a SQl server backend that keeps track of the current log in sessions.

Thanks!!!
0
wunyu
Asked:
wunyu
  • 5
  • 4
  • 2
2 Solutions
 
frodomanCommented:
>> determine when a session is idle for a period of time

IIS handles this based on your server's configuration - I believe 20 minutes is the default value.

>>user has closed the browser

You can't detect when a user has closed the browser.  An outside user sends requests and receives responses from your server.  Unless your server is actively processing a request or sending a response, there is no communication at all between your server and the client so you have no way of knowing if their browser is still open.  But hey, it's something all of us wish we could do! ;)
0
 
wunyuAuthor Commented:

>> IIS handles this based on your server's configuration - I believe 20 minutes is the default value.

Where do I find this information or where do I configure this?

Also, in yahoo mail, for example, if a user logs into their email account and then copies down that URL, if they close the browser and open another browser and goes to that same URL, yahoo asks for a password.  How did yahoo know that the user had closed the browser or how do they know when to expire a session is more appropriate.

Thanks.
0
 
DevastatedCommented:
Hi,

you can detect/set this in your script:-

<html>
<body>

<%  
response.write("<p>")
response.write("Default Timeout is: " & Session.Timeout & " minutes.")
response.write("</p>")

Session.Timeout=30

response.write("<p>")
response.write("Timeout is now: " & Session.Timeout & " minutes.")
response.write("</p>")
%>

</body>
</html>
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
wunyuAuthor Commented:
Hm ... but on some websites, when I close the window, a smaller window pops up.  Does this show that it's possible to determine when a window gets closed?

For example, if you go to www.time.com and you close the window, a smaller window pops up and asks you to subscribe.

How do they determine when they've closed the larger window?  Thanks.
0
 
frodomanCommented:
They put a javascript function in the onUnload event.  <body onUnload=DoSomeFunction();>

This isn't bad, but don't think it's foolproof either.  It only works if javascript is turned on.  It only works if you try to close the window (i.e.: does *not* work if you press back button the leave the site), etc.
0
 
DevastatedCommented:
HTTP is what is called a stateless session i.e. browser requests a page, server serves that page to the browser (client), and then forgets about them... i.e. the browser will be identifiable via session info at the server (when the browser makes its next call within the timeout period)... but the server can't contact the browser independantly... unless you use a form of web service that is.

Javascript is what most use to detect the window closing as wunyu says... but i don't like that method... i rather log users at a db at the server, thier logon time etc.


P.S. Hope this helps.
0
 
DevastatedCommented:
Perhaps one of the safest methods is to log the session ID and session creation time (do this via a simple DB call in the session start)... and then when you want to know if a session is old (the user has requested a page from the server), then check thier session using the DB - or better still don't rely on sessions at all and generate your own unique number.

Sessions are unreliable - better of simply logging all info at one page e.g. index.asp (include a file that checks the users session times etc and redirects the user if session has timed out or some other effect - to use this method you need one point of entry - so in the include file also check the page url / site entry point user is attempting and redirect to index.asp if that isn't thier page - better off checking the file name they are attemping to read, otherwise they could hack url detections using masked forwarding or something similar), that way its a simple include at the top of each page.
0
 
DevastatedCommented:
OR

just set a variable in the users session that stores the time they logged on and update it using a timer in your pages, and once its timed out or about o you will know - with a bit of jiggery powkery u could do allsorts.

P.S. Don't think there is a simple command for knowing how long a session has left, and there is no way of detecting when a user closes thier browser without using javascript...

alternatively you could have some code sitting in the application object that poles the logged on users and does things accordingly.

P.P.S. Hope this helps.
0
 
frodomanCommented:
Daleoran,

Recommend split points:  frodoman { html#9617126 } and Devastated { html#9735831 }

frodoman
0
 
frodomanCommented:
Daleoran,

Recommend split points:  frodoman { #9617126 } and Devastated { #9735831 }

frodoman
0
 
DevastatedCommented:
idd - between us we have given a full answer
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now