Solved

Window close event

Posted on 2007-03-28
5
653 Views
Last Modified: 2012-08-13
Hello All,
I have a web application developed in PHP. We are working on fixing XSS issues and some security issues. We have an issue as below:
When a user logs in, we create a cookie and its stored in browser. And when user browsers the pages the cookie is used to know if the user is logged in. From one window the user clicks some link which opens another window with the same cookie. What we want to do is when the user closes the new opened window or the main window, we want to destroy the cookie. We are opening the new windows as
var de=window.opne("a.html");
Can anyone give me a solution.

Thanks & Regards,
Gowni
0
Comment
Question by:gowni
  • 2
5 Comments
 
LVL 63

Expert Comment

by:Zvonko
ID: 18806380
Immeditely before opening the new window you can nullify or delete the cookie.
To nullify do this:
document.cookie="TheSessionCookieName=;path=/;";
var de=window.opne("a.html");

To delete use this:
document.cookie="TheSessionCookieName=;path=/;expires=Fri, 27 Jul 2001 02:47:11 UTC;";
var de=window.opne("a.html");


But you CANNOT delete the cookie for one window and let it stay for old window. All cookies are global for one domain and same Realm.  A realm is simply a directory and all subdirectories on the web server.

0
 
LVL 11

Expert Comment

by:walkerke
ID: 18806398
You could try using an onunload or onblur event for the body, but I'm not sure if that would be executed if the window were closed as opposed to loading a different page. You could also put a close wndow button on the new page which not only closes the window, it deletes the cookie.

Regardless, you should set a short expiration period for the cookie.
0
 
LVL 1

Author Comment

by:gowni
ID: 18806520
Hi,
Thanks for your responses. But I think I was not so clear in explaining. Sorry about that.
When a user logs in, he is broswing some pages and opens some new windows while browsing. When he will close any of the window, the cookie should be deleted.

Thanks & Regards,
Karunakar
0
 
LVL 63

Accepted Solution

by:
Zvonko earned 250 total points
ID: 18807058
The cookie can be deleted like this:

document.cookie="TheSessionCookieName=;path=/;expires=Fri, 1 Jan 1980 01:01:01 UTC;";



0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question