LubomirMasar
asked on
How to prevent user from closing the browser w/o logging out first? (no X close)
In my ASP .Net web application, the customer has the following requirement. Whenever user tries to close the browser by using the X at the top (the hard close), I want to throw a message popup to user saying that they have not logged out of the application. Are you sure to close? And I want to give them Yes/No options so that if they click on yes, I will let them close otherwise the browser stays open. How can I acheive this?
I don't think Javascript Body Unload will help me because
1. There is no way to cancel the Unload from Javascript. The browser window will always close when user X closes it.
2. Body Unload will always fire when user moves from page to page inside the app or even when submits a page.
Is there any other way to do this?
Thanks,
I don't think Javascript Body Unload will help me because
1. There is no way to cancel the Unload from Javascript. The browser window will always close when user X closes it.
2. Body Unload will always fire when user moves from page to page inside the app or even when submits a page.
Is there any other way to do this?
Thanks,
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
cezarF
try onBeforeClose event
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
netsmithcentral,
Your code ought to have worked..but the problem is whether the user clicks Yes or No, the browser would still end up closing..Because once Unloading starts, no stopping it..
Your code ought to have worked..but the problem is whether the user clicks Yes or No, the browser would still end up closing..Because once Unloading starts, no stopping it..
Not sure whether return false still works or not, but that (used to be) the way that you could do this:
<body onBeforeUnload="if (confirm ('Are you sure you want to close?')){ return true; } else { return false; }">
Tom
<body onBeforeUnload="if (confirm ('Are you sure you want to close?')){ return true; } else { return false; }">
Tom
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@LubomirMasar, Did you test the code? The confirm box that gets opened is NOT a standard confirm box. It's provided FOR THIS REASON by IE and FF. It has the ability to stop the unload event.
FYI, here's some source info on it:
Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=68215
MS: http://msdn2.microsoft.com/en-us/library/ms536907.aspx
Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=68215
MS: http://msdn2.microsoft.com/en-us/library/ms536907.aspx
ASKER
netsmithcentral:
The code sample you gave DID work..That was cool..BUT I don't think that is something I could use..
The problem is the confirm popup will fire not just when user X closes the browser. It will also fire when user tries to navigate within the application itself..Just about everytime the page is refreshed/posted back the popup will appear. I dont want that..I want the popup to appear only when user tries to close the browser..
The code sample you gave DID work..That was cool..BUT I don't think that is something I could use..
The problem is the confirm popup will fire not just when user X closes the browser. It will also fire when user tries to navigate within the application itself..Just about everytime the page is refreshed/posted back the popup will appear. I dont want that..I want the popup to appear only when user tries to close the browser..
There are many ways to close the browser (well 2 close/x or crash).
Forcing a user to logout is not the right way to deal with web security.
Forcing a user to logout is not the right way to deal with web security.
I think that the right answer was provided here by more than one user. Recommend splitting points instead of deleting/no refund.
Tom
Tom
tomaugerdotcom,
Thanks for your post and participation here. I really debated a split but in the end decided against it. There were a couple of reasons for it. I appreciate the work that was provided and there was lots of good help from each expert. As I reviewed this though I just felt there wasn't an answer, especially after reading the Asker's last comment at http:#19747234 . I am definitely not saying the posts were wrong just that they didn't work in this case and there was no complete answer here.
I hope this helps you. If you still disagree then please be specific in which comments should be accepted and why. I will be happy to look over the info and the moderator who will close this will also review it.
b0lsc0tt
EE Cleanup Volunteer
Thanks for your post and participation here. I really debated a split but in the end decided against it. There were a couple of reasons for it. I appreciate the work that was provided and there was lots of good help from each expert. As I reviewed this though I just felt there wasn't an answer, especially after reading the Asker's last comment at http:#19747234 . I am definitely not saying the posts were wrong just that they didn't work in this case and there was no complete answer here.
I hope this helps you. If you still disagree then please be specific in which comments should be accepted and why. I will be happy to look over the info and the moderator who will close this will also review it.
b0lsc0tt
EE Cleanup Volunteer
@ b0lsc0tt - fair enough. Thanks for taking the time to address this!
T
T
The answer to this is "Don't do it".
You cannot guarantee that a user will follow any particular method of logging out.
If a browser/os/pc/dsl/modem crashes, there is no way to monitor that.
As I suggested, you tell users that an automatic logout will take place on the server if they don't interact with the application in x minutes time.
Using AJAX, you can touch the server every minute and use that as an indicator that the user has gone.
The internet is stateless, you have to respect that when you create your site.
I think the answers given DO warrant a split.
You cannot guarantee that a user will follow any particular method of logging out.
If a browser/os/pc/dsl/modem crashes, there is no way to monitor that.
As I suggested, you tell users that an automatic logout will take place on the server if they don't interact with the application in x minutes time.
Using AJAX, you can touch the server every minute and use that as an indicator that the user has gone.
The internet is stateless, you have to respect that when you create your site.
I think the answers given DO warrant a split.
Rquadling,
Thanks for your post and comment. Since I really did debate between the two and with a second objection I will change my recommendation.
Changed recommendation: Split - RQuadling {http:#19738357} & netsmithcentral {http:#19738692} & tomaugerdotcom {http:#19739011}
Let me know if there is an objection to this or question. The moderator should finalize this very soon.
b0lsc0tt
EE Cleanup Volunteer
Thanks for your post and comment. Since I really did debate between the two and with a second objection I will change my recommendation.
Changed recommendation: Split - RQuadling {http:#19738357} & netsmithcentral {http:#19738692} & tomaugerdotcom {http:#19739011}
Let me know if there is an objection to this or question. The moderator should finalize this very soon.
b0lsc0tt
EE Cleanup Volunteer
Forced accept.
Computer101
EE Admin
Computer101
EE Admin