Solved

Window close event

Posted on 2007-03-28
5
652 Views
Last Modified: 2012-08-13
Hello All,
I have a web application developed in PHP. We are working on fixing XSS issues and some security issues. We have an issue as below:
When a user logs in, we create a cookie and its stored in browser. And when user browsers the pages the cookie is used to know if the user is logged in. From one window the user clicks some link which opens another window with the same cookie. What we want to do is when the user closes the new opened window or the main window, we want to destroy the cookie. We are opening the new windows as
var de=window.opne("a.html");
Can anyone give me a solution.

Thanks & Regards,
Gowni
0
Comment
Question by:gowni
  • 2
5 Comments
 
LVL 63

Expert Comment

by:Zvonko
ID: 18806380
Immeditely before opening the new window you can nullify or delete the cookie.
To nullify do this:
document.cookie="TheSessionCookieName=;path=/;";
var de=window.opne("a.html");

To delete use this:
document.cookie="TheSessionCookieName=;path=/;expires=Fri, 27 Jul 2001 02:47:11 UTC;";
var de=window.opne("a.html");


But you CANNOT delete the cookie for one window and let it stay for old window. All cookies are global for one domain and same Realm.  A realm is simply a directory and all subdirectories on the web server.

0
 
LVL 11

Expert Comment

by:walkerke
ID: 18806398
You could try using an onunload or onblur event for the body, but I'm not sure if that would be executed if the window were closed as opposed to loading a different page. You could also put a close wndow button on the new page which not only closes the window, it deletes the cookie.

Regardless, you should set a short expiration period for the cookie.
0
 
LVL 1

Author Comment

by:gowni
ID: 18806520
Hi,
Thanks for your responses. But I think I was not so clear in explaining. Sorry about that.
When a user logs in, he is broswing some pages and opens some new windows while browsing. When he will close any of the window, the cookie should be deleted.

Thanks & Regards,
Karunakar
0
 
LVL 63

Accepted Solution

by:
Zvonko earned 250 total points
ID: 18807058
The cookie can be deleted like this:

document.cookie="TheSessionCookieName=;path=/;expires=Fri, 1 Jan 1980 01:01:01 UTC;";



0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the difference between strict equality operator and equality operator in JavaScript. The Need: Because JavaScript performs an implicit type conversion when performing comparisons, we have to take this into account when wri…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now