We help IT Professionals succeed at work.

How to prevent user from closing the browser w/o logging out first? (no X close)

2,278 Views
Last Modified: 2012-08-13
In my ASP .Net web application, the customer has the following requirement. Whenever user tries to close the browser by using the X at the top (the hard close), I want to throw a message popup to user saying that they have not logged out of the application. Are you sure to close? And I want to give them Yes/No options so that if they click on yes, I will let them close otherwise the browser stays open. How can I acheive this?

I don't think Javascript Body Unload will help me because
1. There is no way to cancel the Unload from Javascript. The browser window will always close when user X closes it.
2. Body Unload will always fire when user moves from page to page inside the app or even when submits a page.

Is there any other way to do this?

Thanks,
Comment
Watch Question

Senior Software Developer
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
try onBeforeClose event
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
netsmithcentral,

Your code ought to have worked..but the problem is whether the user clicks Yes or No, the browser would still end up closing..Because once Unloading starts, no stopping it..
Not sure whether return false still works or not, but that (used to be) the way that you could do this:

<body onBeforeUnload="if (confirm ('Are you sure you want to close?')){ return true; } else { return false; }">

Tom
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
@LubomirMasar, Did you test the code?  The confirm box that gets opened is NOT a standard confirm box.  It's provided FOR THIS REASON by IE and FF.  It has the ability to stop the unload event.

Author

Commented:
netsmithcentral:

The code sample you gave DID work..That was cool..BUT I don't think that is something I could use..
The problem is the confirm popup will fire not just when user X closes the browser. It will also fire when user tries to navigate within the application itself..Just about everytime the page is refreshed/posted back the popup will appear. I dont want that..I want the popup to appear only when user tries to close the browser..
Richard QuadlingSenior Software Developer

Commented:
There are many ways to close the browser (well 2 close/x or crash).

Forcing a user to logout is not the right way to deal with web security.

I think that the right answer was provided here by more than one user. Recommend splitting points instead of deleting/no refund.

Tom
b0lsc0ttIT Manager
CERTIFIED EXPERT

Commented:
tomaugerdotcom,

Thanks for your post and participation here.  I really debated a split but in the end decided against it.  There were a couple of reasons for it.  I appreciate the work that was provided and there was lots of good help from each expert.  As I reviewed this though I just felt there wasn't an answer, especially after reading the Asker's last comment at http:#19747234 .  I am definitely not saying the posts were wrong just that they didn't work in this case and there was no complete answer here.

I hope this helps you.  If you still disagree then please be specific in which comments should be accepted and why.  I will be happy to look over the info and the moderator who will close this will also review it.

b0lsc0tt
EE Cleanup Volunteer
@ b0lsc0tt - fair enough. Thanks for taking the time to address this!

T
Richard QuadlingSenior Software Developer

Commented:
The answer to this is "Don't do it".

You cannot guarantee that a user will follow any particular method of logging out.

If a browser/os/pc/dsl/modem crashes, there is no way to monitor that.

As I suggested, you tell users that an automatic logout will take place on the server if they don't interact with the application in x minutes time.

Using AJAX, you can touch the server every minute and use that as an indicator that the user has gone.

The internet is stateless, you have to respect that when you create your site.

I think the answers given DO warrant a split.
b0lsc0ttIT Manager
CERTIFIED EXPERT

Commented:
Rquadling,

Thanks for your post and comment.  Since I really did debate between the two and with a second objection I will change my recommendation.

   Changed recommendation:  Split - RQuadling {http:#19738357} & netsmithcentral {http:#19738692} & tomaugerdotcom {http:#19739011}

Let me know if there is an objection to this or question.  The moderator should finalize this very soon.

b0lsc0tt
EE Cleanup Volunteer
Forced accept.

Computer101
EE Admin

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.