Solved

detecting idle session or closed window

Posted on 2003-10-24
12
621 Views
Last Modified: 2011-09-20
Hi Experts,

I would like to know how to determine when a session is idle for a period of time (so I can kill their idle connection) or a user has closed the browser (without logging out first).  My website is using asp with vbscript and has a SQl server backend that keeps track of the current log in sessions.

Thanks!!!
0
Comment
Question by:wunyu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
12 Comments
 
LVL 42

Assisted Solution

by:frodoman
frodoman earned 25 total points
ID: 9617126
>> determine when a session is idle for a period of time

IIS handles this based on your server's configuration - I believe 20 minutes is the default value.

>>user has closed the browser

You can't detect when a user has closed the browser.  An outside user sends requests and receives responses from your server.  Unless your server is actively processing a request or sending a response, there is no communication at all between your server and the client so you have no way of knowing if their browser is still open.  But hey, it's something all of us wish we could do! ;)
0
 

Author Comment

by:wunyu
ID: 9617863

>> IIS handles this based on your server's configuration - I believe 20 minutes is the default value.

Where do I find this information or where do I configure this?

Also, in yahoo mail, for example, if a user logs into their email account and then copies down that URL, if they close the browser and open another browser and goes to that same URL, yahoo asks for a password.  How did yahoo know that the user had closed the browser or how do they know when to expire a session is more appropriate.

Thanks.
0
 
LVL 4

Expert Comment

by:Devastated
ID: 9735831
Hi,

you can detect/set this in your script:-

<html>
<body>

<%  
response.write("<p>")
response.write("Default Timeout is: " & Session.Timeout & " minutes.")
response.write("</p>")

Session.Timeout=30

response.write("<p>")
response.write("Timeout is now: " & Session.Timeout & " minutes.")
response.write("</p>")
%>

</body>
</html>
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 

Author Comment

by:wunyu
ID: 11186460
Hm ... but on some websites, when I close the window, a smaller window pops up.  Does this show that it's possible to determine when a window gets closed?

For example, if you go to www.time.com and you close the window, a smaller window pops up and asks you to subscribe.

How do they determine when they've closed the larger window?  Thanks.
0
 
LVL 42

Expert Comment

by:frodoman
ID: 11186842
They put a javascript function in the onUnload event.  <body onUnload=DoSomeFunction();>

This isn't bad, but don't think it's foolproof either.  It only works if javascript is turned on.  It only works if you try to close the window (i.e.: does *not* work if you press back button the leave the site), etc.
0
 
LVL 4

Expert Comment

by:Devastated
ID: 11186921
HTTP is what is called a stateless session i.e. browser requests a page, server serves that page to the browser (client), and then forgets about them... i.e. the browser will be identifiable via session info at the server (when the browser makes its next call within the timeout period)... but the server can't contact the browser independantly... unless you use a form of web service that is.

Javascript is what most use to detect the window closing as wunyu says... but i don't like that method... i rather log users at a db at the server, thier logon time etc.


P.S. Hope this helps.
0
 
LVL 4

Accepted Solution

by:
Devastated earned 25 total points
ID: 11189367
Perhaps one of the safest methods is to log the session ID and session creation time (do this via a simple DB call in the session start)... and then when you want to know if a session is old (the user has requested a page from the server), then check thier session using the DB - or better still don't rely on sessions at all and generate your own unique number.

Sessions are unreliable - better of simply logging all info at one page e.g. index.asp (include a file that checks the users session times etc and redirects the user if session has timed out or some other effect - to use this method you need one point of entry - so in the include file also check the page url / site entry point user is attempting and redirect to index.asp if that isn't thier page - better off checking the file name they are attemping to read, otherwise they could hack url detections using masked forwarding or something similar), that way its a simple include at the top of each page.
0
 
LVL 4

Expert Comment

by:Devastated
ID: 11189393
OR

just set a variable in the users session that stores the time they logged on and update it using a timer in your pages, and once its timed out or about o you will know - with a bit of jiggery powkery u could do allsorts.

P.S. Don't think there is a simple command for knowing how long a session has left, and there is no way of detecting when a user closes thier browser without using javascript...

alternatively you could have some code sitting in the application object that poles the logged on users and does things accordingly.

P.P.S. Hope this helps.
0
 
LVL 42

Expert Comment

by:frodoman
ID: 11402027
Daleoran,

Recommend split points:  frodoman { html#9617126 } and Devastated { html#9735831 }

frodoman
0
 
LVL 42

Expert Comment

by:frodoman
ID: 11402037
Daleoran,

Recommend split points:  frodoman { #9617126 } and Devastated { #9735831 }

frodoman
0
 
LVL 4

Expert Comment

by:Devastated
ID: 11413030
idd - between us we have given a full answer
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question