klm67097
asked on
kill session
hi,
If i login into the webbased application it insert the userid into a database table (little bit user tracking)\
I have also a logout page when click on this it will update the table of the particular user
but when you click the X of the IE browser it will not update the table because you does'n logout nicely from the logout page or logout button.
so my question is how can I kill the session even I click on the X of the IE browser?
have somebody any idea?
please advise
kisoen
If i login into the webbased application it insert the userid into a database table (little bit user tracking)\
I have also a logout page when click on this it will update the table of the particular user
but when you click the X of the IE browser it will not update the table because you does'n logout nicely from the logout page or logout button.
so my question is how can I kill the session even I click on the X of the IE browser?
have somebody any idea?
please advise
kisoen
you could also use
sub Session_OnEnd
Session.abandon()
end sub
sub Session_OnEnd
Session.abandon()
end sub
You don't have to do anything. The session will timeout on its own based on the Session.Timeout, default 20 minutes.
If you want it to run something, like logging when they logged out, then you can use Session_OnEnd and show the session timed out instead of them logging off.
There is no way to determine if the user has left in ASP as far as I know. I think in .NET, Java, you can use client.isConnected but you would have to do that on a regular basis and seems like too much overhead.
If you want it to run something, like logging when they logged out, then you can use Session_OnEnd and show the session timed out instead of them logging off.
There is no way to determine if the user has left in ASP as far as I know. I think in .NET, Java, you can use client.isConnected but you would have to do that on a regular basis and seems like too much overhead.
BTW... client.isConnected only shows if they're connected, not when they leave. The client has to inform you they're leaving and it doesn't.
ASKER
hi,
should you do it in GLOBAL.ASA?
I have a logout.asp page where the
Session.abandon()
end sub
is mentioned
is it not possible when you click the X on ie Browser that the logout page runs?
see my global.asa
please advise
Kisoen
Sub Application_OnEnd
End Sub
Sub Session_OnStart
Session.Timeout = 20
Session("Start") = Now
Application.Lock
Application("visits") = Application("visits") + 1
intTotal_visitors = Application("visits")
Application.Unlock
Session("VisitorID") = intTotal_visitors
Application.Lock
Application("Active") = Application("Active") + 1
Application.Unlock
End Sub
Sub Session_OnEnd
set conn = Server.CreateObject ("ADODB.Connection")
conn.Open Application("connString")
Dim update__MMColParam
update__MMColParam = "1"
if (Session("svusername") <> "") then update__MMColParam = Session("svusername")
' Update the record when the user logout and write the logout time
' plus it sets the user as OFFLINE.
query = "UPDATE tblActiveusers SET LoggedOut= now() , Online=1 "
query = query & "WHERE Online=0 AND Username= '" + Replace(update__MMColParam , "'", "''") + "'"
conn.Execute (query)
conn.Close
set conn = Nothing
Application.Lock
Application("Active") = Application("Active") - 1
Application.Unlock
End Sub
should you do it in GLOBAL.ASA?
I have a logout.asp page where the
Session.abandon()
end sub
is mentioned
is it not possible when you click the X on ie Browser that the logout page runs?
see my global.asa
please advise
Kisoen
Sub Application_OnEnd
End Sub
Sub Session_OnStart
Session.Timeout = 20
Session("Start") = Now
Application.Lock
Application("visits") = Application("visits") + 1
intTotal_visitors = Application("visits")
Application.Unlock
Session("VisitorID") = intTotal_visitors
Application.Lock
Application("Active") = Application("Active") + 1
Application.Unlock
End Sub
Sub Session_OnEnd
set conn = Server.CreateObject ("ADODB.Connection")
conn.Open Application("connString")
Dim update__MMColParam
update__MMColParam = "1"
if (Session("svusername") <> "") then update__MMColParam = Session("svusername")
' Update the record when the user logout and write the logout time
' plus it sets the user as OFFLINE.
query = "UPDATE tblActiveusers SET LoggedOut= now() , Online=1 "
query = query & "WHERE Online=0 AND Username= '" + Replace(update__MMColParam
conn.Execute (query)
conn.Close
set conn = Nothing
Application.Lock
Application("Active") = Application("Active") - 1
Application.Unlock
End Sub
Yes, as babuno5 first suggested. Put it at the very end of Session_OnEnd
I don't see Session.Abandon in your global.asa.
If I wanted to see if my users were logging out vs timing out, then I'd create a logout.asp page for logouts and do the same in the global.asa specifying it was a timeout. If I saw a pattern, I may then send out an email to my users that didn't logout and ask them to please log out to help recover server resources.
I don't see Session.Abandon in your global.asa.
If I wanted to see if my users were logging out vs timing out, then I'd create a logout.asp page for logouts and do the same in the global.asa specifying it was a timeout. If I saw a pattern, I may then send out an email to my users that didn't logout and ask them to please log out to help recover server resources.
The solutions mentioned here won't work completly.
If you have an "online flag" in your database and do the following...
in a loginpage....
update tblActiveUsers set online=1 ....... where......
and in session_onend
update tblActiveUsers set online=0....... where....
If the following scenario happens....
1. I log in
2. I close my browser
3. I log in BEFORE first session has ended
...session_onend will fire while surfing "online" (3. above) and your db thinks you are logged out, but you aren't.
You need to save something unique in your db per session, for example sessionid. Like this
in a loginpage
update tblActiveUsers set online=1, lastID=[aspcode: session.sessionID]..... where.....
and in session_onend
update tblActiveUsers set online=0...... where lastID=[aspcode: session.sessionID] and.....
In the scenario above, in 3. you will set a new "lastID" so the flag won't be set to 0 when the first session ends.
Cheers
R
If you have an "online flag" in your database and do the following...
in a loginpage....
update tblActiveUsers set online=1 ....... where......
and in session_onend
update tblActiveUsers set online=0....... where....
If the following scenario happens....
1. I log in
2. I close my browser
3. I log in BEFORE first session has ended
...session_onend will fire while surfing "online" (3. above) and your db thinks you are logged out, but you aren't.
You need to save something unique in your db per session, for example sessionid. Like this
in a loginpage
update tblActiveUsers set online=1, lastID=[aspcode: session.sessionID]..... where.....
and in session_onend
update tblActiveUsers set online=0...... where lastID=[aspcode: session.sessionID] and.....
In the scenario above, in 3. you will set a new "lastID" so the flag won't be set to 0 when the first session ends.
Cheers
R
ASKER
hi,
OKE but how do I create a sessionID and stored this in the database? via ASP?
Yes I like this scenario but how do i do that?
please advise or show me the direction
gr. kisoen
OKE but how do I create a sessionID and stored this in the database? via ASP?
Yes I like this scenario but how do i do that?
please advise or show me the direction
gr. kisoen
Roger...
Session_OnEnd will fire and show the old session timed out, which is what did happen. When the person connects again, they have a new session. They won't be logged out what that event fires unless he tells Session_OnEnd to run through a logout process, which would be a bad idea.
It will still be accurate as that session did time out and the new session will go through the same procedure, logout or timeout. He asked how to kill a session when someone closes their browser and that's just not possible.
Session_OnEnd will fire and show the old session timed out, which is what did happen. When the person connects again, they have a new session. They won't be logged out what that event fires unless he tells Session_OnEnd to run through a logout process, which would be a bad idea.
It will still be accurate as that session did time out and the new session will go through the same procedure, logout or timeout. He asked how to kill a session when someone closes their browser and that's just not possible.
kiddanger....
I'm not sure I understand you correctly but I give it a try.... You write "He asked how to kill a session when someone closes their browser and that's just not possible". You are absolutly right. You cannot kill the session at this specific time. BUT! This session WILL end after x minutes and its session_onend WILL fire. And the user "Session("svusername")" will be set to offline even if he has logged in again. This problem I tried to add to this discussion.
klm67097....
If you use asp, you get the sessionId simply by using session.sessionID. Add a field to hold the "last logged in sessionID" to the database and use it the way I suggested above.
Cheers
Roger
I'm not sure I understand you correctly but I give it a try.... You write "He asked how to kill a session when someone closes their browser and that's just not possible". You are absolutly right. You cannot kill the session at this specific time. BUT! This session WILL end after x minutes and its session_onend WILL fire. And the user "Session("svusername")" will be set to offline even if he has logged in again. This problem I tried to add to this discussion.
klm67097....
If you use asp, you get the sessionId simply by using session.sessionID. Add a field to hold the "last logged in sessionID" to the database and use it the way I suggested above.
Cheers
Roger
Hi Roger...
Thanks for your message. I understand your approach and I don't disagree with it if the Session_OnEnd is to log someone out. However I read:
"If i login into the webbased application it insert the userid into a database table (little bit user tracking)\
I have also a logout page when click on this it will update the table of the particular user"
To me, that means he's tracking when they login and when they logout. He wanted to end the session and update his database showing they had left. We both agree that cannot be achieved. He appears to be wanting ONLY to update the database to know when they left.
The way I see it, he already has what he needs in the database. What he needs is something in the Session_OnEnd that will determine when they left, IF they timeout instead of logging out. To achieve this, I would do the following:
If the session timed out, and sessions were set to 20 minutes, I would take the current time and subtract 20 minutes.
I don't see him wanting to control someone's logout, just track it. He wanted the session to end when the browser closes to get an accurate date/time when they left. I think what I suggested will solve that since you cannot determine if they have just closed their browser.
I'm also willing to concede I may have misunderstood the original question but that's how I took it.
From looking at his code:
"And the user "Session("svusername")" will be set to offline even if he has logged in again."
...is incorrect. He's only logging when they logged out, he's not destroying the session variable. However, he could have:
login date/time
login date/time
logout date/time
logout date/time
If he does track the session ID also, rather than just the username, he will know which logout to associate with which login. It is my understanding the server tracks the session by sessionID and even if multiple sessions had session variables with the same value, it wouldn't affect a different session. The session variable would be destroyed but only for the original session, not the next one, even if they came back before the original was destroyed.
I read it like:
sessionID:session(var)
sessionID: session(var2)
etc.
Thanks for your message. I understand your approach and I don't disagree with it if the Session_OnEnd is to log someone out. However I read:
"If i login into the webbased application it insert the userid into a database table (little bit user tracking)\
I have also a logout page when click on this it will update the table of the particular user"
To me, that means he's tracking when they login and when they logout. He wanted to end the session and update his database showing they had left. We both agree that cannot be achieved. He appears to be wanting ONLY to update the database to know when they left.
The way I see it, he already has what he needs in the database. What he needs is something in the Session_OnEnd that will determine when they left, IF they timeout instead of logging out. To achieve this, I would do the following:
If the session timed out, and sessions were set to 20 minutes, I would take the current time and subtract 20 minutes.
I don't see him wanting to control someone's logout, just track it. He wanted the session to end when the browser closes to get an accurate date/time when they left. I think what I suggested will solve that since you cannot determine if they have just closed their browser.
I'm also willing to concede I may have misunderstood the original question but that's how I took it.
From looking at his code:
"And the user "Session("svusername")" will be set to offline even if he has logged in again."
...is incorrect. He's only logging when they logged out, he's not destroying the session variable. However, he could have:
login date/time
login date/time
logout date/time
logout date/time
If he does track the session ID also, rather than just the username, he will know which logout to associate with which login. It is my understanding the server tracks the session by sessionID and even if multiple sessions had session variables with the same value, it wouldn't affect a different session. The session variable would be destroyed but only for the original session, not the next one, even if they came back before the original was destroyed.
I read it like:
sessionID:session(var)
sessionID: session(var2)
etc.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
so thx guys
it seems can't be solved
so I have to explain the users they have to use the logout button i.s.o closing the browser.
thx guys
kisoen
it seems can't be solved
so I have to explain the users they have to use the logout button i.s.o closing the browser.
thx guys
kisoen
sub Session_OnEnd
'I dunno summin like this:
session("loggedin")=false
session("username")=""
'somthing like that depedning on what your session vars are called
end sub
hope that helps
~Binks