I'm trying to launch a "logout" page if the usesr closes the browser...I've looked for a couple of days and I think I have looked at all of the related topics...tried quite a few...but so far, nothing is working the way I need it to...
Everything seems to trigger just navigating to the next page...I want to be able to navigate the site and NOTHING IF I LOG OUT...but if I CLOSE THE BROWSER (or the DOMAIN changes), I want to fire the logout page.
Actually, it really doesn't need to open a popup...but that would be my preference...
Thanks for any help in getting a definitive answer...
HOLD THE PHONE...
Just FYI...I found what seems to be working here:
[http://eureka.ykyuen.info/2011/02/22/jquery-javascript-capture-the-browser-or-tab-closed-event/][1]
...and it also seems that there are some very useful variations from contributers.
I also added a line to the original script to execute my logout page...
You should be able to add a listener using onbeforeunload and ask the user if they want to log out in the prompt https://developer.mozilla.org/en-US/docs/DOM/window.onbeforeunload
Related
I have an extension that has been working for almost 2 years now with out issue. I havent made any changes in about a year, but recently i started seeing some change in behavior.
I use the Webrequest APi to intercept navigations. During the callback for some websites i need to do some security evaluations async. When this happens I redirect to a local resource (html) as an interstatial page that tells the user what I am doing. Once complete based off the evaualtion the page is redirected where it should be. This is ussually very fast and has worked great for the last 2 years. Since the latest version of chrome things dont seem to work anymore for all cases.
If i intercept an address bar navigation. everything works as expected. The interstatial pops and everythings great. However. If i click on the same website as a link on a webpage. I get the "Blocked by Extension page". (what you would get if the nav was cancelled). I also noticed that my interstatial is showing up in the web history and if i click on it from my history page everything works.
It seems as if a bug might have been introduced by google?
Just wondering if anyone has seen this.
Thanks
How to stop a user from opening a new browser session in XPages
In the answer to this posting Knutt added a really nice bit of code that stops a user from opening multiple instances of the same application in a browser. This works very well in a web browser, but when the App is opened in a Notes Client the screen flashes every 5 seconds as the "I am Alive" code is executed. I have set the database in the Notes Preferences to run on server, but this does not seem to help.
Does anyone have any ideas how to, fix this?
I found a conflict between two other processes that were causing the issue. The frequency happened to be very similar to the 5 -7 seconds used in "I am Alive". It is working as intended with no code change needed.
I want the application show a popup to inform inactive user when he back to use the application that the session is timeout and to click on ok to redirect him to login again.
the first problem i cant detect that the session is timeout .
the second problem evenif i detect that the session is timeout how can i show the popup ?
i tryed o detect the session timeout with a listener but didnt work
<f:event listener="#{logincontroller.checksessiontimeout}" type="preValidate"/>
i am using primefaces and glassfish.
The problem with the approach you have chosen is the session has timed out, but you already figured it out. )
The solution could be to use ExceptionHandler.
If you really want to show a popup you can redirect to the same page passing some predefined parameter based on which your popup would be rendered. As an alternative you may consider redirection to login page right away and show notification about session expiration there. The second way looks more natural to me, but this is my personal point of view.
You may find information on how to do this in BalusC blog post
also you may find some discussion on stackoverflow here with references to other similar questions. Those would still point you to the blog post I mentioned earlier
I got a solution for Firefox and IE but I didn't find any solution for Google Chrome.
Is there a way to do it in Google Chrome?
I know it's a really old post... I mean like friggin 5 years now, but I just found a somewhat good solution.
Inside your protected folder, create another folder, let's call it "logout". Place the same .htaccess file in here as you have in your protected folder, except with a small modification.
instead of:
Require valid-user
now write:
Require user EXIT
And make sure, you don't have a user named exit! :D
In your protected area, your logout link or button or whatever, should redirect the user to this address: example.com/protectedFolder/logout
The browsers usually are able to keep only one user logged in from one site name or realm name... the sign in attempt for the user Exit will overwrite everything, thus the originally logged in user, would have to log in again to the protected area.
But as always, I might be wrong, and you should still close all your browser window, and restart the computer if you want to be sure! :)
Also, it wouldn't hurt, if you would tell your users what is going to happen, when they hit logout!
I have tested this in chrome and in internet explorer 11.(will not work in edge, and maybe others neither)
The solution was found here:
https://www.mavensecurity.com/media/BasicAuthLogOut.pdf
You can't logout a HTTP authenticated session other then closing the browser window. Also see the accepted answer on this question for an extensive explanation.
try redirect to:
wrong_user:wrong_password#yourdomain.com
I have put together the following article which explains how I have managed to achieve this in Chrome. I hope this helps. https://www.hattonwebsolutions.co.uk/articles/how_to_logout_of_http_sessions
In short - you create a sub folder (as per Gyula's answer) but then send an ajax request to the page (which fails) and then trigger a timeout redirect to the logged out page. This avoids having a secondary popup in the logout folder requesting another username (which would confuse users). My article uses Jquery but it should be possible to avoid this.
I want to know how you guys deal with back button issues in your web applications.
I can not forbid users to click back button on their browser, but when they hit it, the page code doesn't run. So writing in page_load() makes no sense.
I have searched online and found this link: Disabling Back button on the browser. It does not work for me. Any idea?
There is no way to disable the back button. You can try to open your page/form in a new window so there would be nothing to navigate back to
Normally, If I have a critical or lengthy form, I tend to maintain a dirty-flag and if the user starts entering something, the dirty-flag gets set and on save or submit it gets reset. You can use unload/beforeunload javascript event to see if the dirty-flag is set and ask for confirmation.