Solved

Track login and logout even if browser is closed

Posted on 2007-03-19
3
155 Views
Last Modified: 2008-03-06
I would like to track when a user logs into my ASP website and when they logout, but most users either go to another website or simply close their browser so there is no "logout" happening.

My way to solve this is to use onunload= inside the <body> tag and then call a javascript function that writes a record to my table with the sessionID, username and timestamp.  The function would first check to see if a record already exists for that sessionID and if so, simply update the timestamp, if one doesn't exist, it would create a new record.

I think this would do what I am looking for but I do not know how to code writing to a DB from within Javascript.  I know how to do so in ASP, but I don't want to call another ASP page because my site consists of many pages and if a user goes from one page to another, that would trigger an onunload= on each of them, If I called a logout.asp page, that would keep my user from going to their intended page within my site no???  That is why I figure I need to write the record to the DB from within javascript.

If I can simply call another ASP page to write the record and the user would still go to the intended page, please let me know and I will go that route.  Thanks!
0
Comment
Question by:mgiusto
3 Comments
 
LVL 11

Expert Comment

by:Sven
ID: 18749088
What if the user has javascript deactivated?

Try to use global.asa and Session_OnEnd-Event!
0
 

Author Comment

by:mgiusto
ID: 18749463
It is a company intranet application and if the user has javascript disabled, the site won't work, but if you feel session_OnEnd is the way to go, I'd be interested if you could provide some code for me to work with.
0
 
LVL 25

Accepted Solution

by:
kevp75 earned 125 total points
ID: 18752454
I always try to stay awa from using the global.asa file  (some old nightmares still haunt me...)

I would suggest using a javascript event onunload.

I use the following to fire a page onunload of a chat room.
<script language="javascript" type="text/javascript">
            <!--
            function makeRequest(url){
             if (window.XMLHttpRequest){
              http_request = new XMLHttpRequest();
             }
             else if (window.ActiveXObject){
              try {
               http_request = new ActiveXObject('Msxml2.XMLHTTP');
              } catch (e) {    
               try {
                  http_request = new ActiveXObject('Microsoft.XMLHTTP');
               } catch (e) {}
              }
             }
             http_request.onreadystatechange = function() {
              if(http_request.readyState == 4){
               if(http_request.status != 200){
                  if(http_request.status == 403) alert('Forbidden');
                  else if(http_request.status == 404) alert('Could not find file.');
                  else alert('Unknown Error');
               }
               else {
                  try{http_request.setRequestHeader('content-type','text/html;charset=ISO_8859-1:1987');}catch(e){}
                  if(http_request.responseText.substring(0, 5).toLowerCase() == '<?xml') alert('This is Valid XML');
                  else findTxtLinks(http_request.responseText);
               }
              }
             };
             http_request.open('GET', url, true);
             http_request.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
             http_request.send(null);
            }              
            function RorC() {
                  var top=self.screenTop;
                   if (top>9000)
                   {makeRequest('/leavethesite.asp?usersID<%=passTheUSersIDInThisQuerystring%>')}
            }
            //-->
            </script>
            <body onUnload="RorC();makeRequest('/leavethesite.asp?usersID<%=passTheUSersIDInThisQuerystring%>');">


and then make a page called leavethesite.asp that will delete their session variable/cookie  (or if you do this via db, mark their record as logged out...)

HTAH
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I've been trying to accomplish this for a while and it just struck me yesterday how to accomplish this task. I have done searches all over the internet looking for ways to email pages from my applications and finally I have done it!!! Every single s…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now