Solved

Window close event

Posted on 2007-03-28
5
657 Views
Last Modified: 2012-08-13
Hello All,
I have a web application developed in PHP. We are working on fixing XSS issues and some security issues. We have an issue as below:
When a user logs in, we create a cookie and its stored in browser. And when user browsers the pages the cookie is used to know if the user is logged in. From one window the user clicks some link which opens another window with the same cookie. What we want to do is when the user closes the new opened window or the main window, we want to destroy the cookie. We are opening the new windows as
var de=window.opne("a.html");
Can anyone give me a solution.

Thanks & Regards,
Gowni
0
Comment
Question by:gowni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 63

Expert Comment

by:Zvonko
ID: 18806380
Immeditely before opening the new window you can nullify or delete the cookie.
To nullify do this:
document.cookie="TheSessionCookieName=;path=/;";
var de=window.opne("a.html");

To delete use this:
document.cookie="TheSessionCookieName=;path=/;expires=Fri, 27 Jul 2001 02:47:11 UTC;";
var de=window.opne("a.html");


But you CANNOT delete the cookie for one window and let it stay for old window. All cookies are global for one domain and same Realm.  A realm is simply a directory and all subdirectories on the web server.

0
 
LVL 11

Expert Comment

by:walkerke
ID: 18806398
You could try using an onunload or onblur event for the body, but I'm not sure if that would be executed if the window were closed as opposed to loading a different page. You could also put a close wndow button on the new page which not only closes the window, it deletes the cookie.

Regardless, you should set a short expiration period for the cookie.
0
 
LVL 1

Author Comment

by:gowni
ID: 18806520
Hi,
Thanks for your responses. But I think I was not so clear in explaining. Sorry about that.
When a user logs in, he is broswing some pages and opens some new windows while browsing. When he will close any of the window, the cookie should be deleted.

Thanks & Regards,
Karunakar
0
 
LVL 63

Accepted Solution

by:
Zvonko earned 250 total points
ID: 18807058
The cookie can be deleted like this:

document.cookie="TheSessionCookieName=;path=/;expires=Fri, 1 Jan 1980 01:01:01 UTC;";



0

Featured Post

Don't Cry: How Liquid Web is Ensuring Security

WannaCry is just the start. Read how Liquid Web is protecting itself and its customers against new threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the difference between strict equality operator and equality operator in JavaScript. The Need: Because JavaScript performs an implicit type conversion when performing comparisons, we have to take this into account when wri…
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question