|
|
Posted by Gordon Burditt on 10/02/25 11:17
>Yup, I'm keeping track of login and last_hit times. However, the server
>is not able to distinguish between a user who is taking a long time to
>post an update from a user who killed the browser window without
>hitting logoff. (The purpose is to just warn them when more than one
>is updating the same data.)
If you are really trying to track simultaneous updates to the same
data, you need a lot more than login information. And isn't the
time to do this when the user submits the conflicting change?
What's your purpose in trying to tell when a user has "logged off"
(whatever that means)? Invalidating a session after a certain amount
of time addresses the "unattended keyboard" security issue (and
doesn't require dealing with the browser at all). If this isn't the
point, what is?
>> You can't send a page to the browser spontaneously.
>
>I could use the onBlur feature to automatically load logoff.
It's this sort of thing that is a major reason Javascript is Turned Off(tm).
>Perhaps I could use a frame, where an invisible page stays there
>just to confirm that the user's session is still valid. Many sites,
>e.g. PostNuke, display to a user what other users are currently
>logged on, so I don't want to reinvent the weel...
If your purpose is to display who's logged on, that info is suspect
at best. You can't tell the difference between someone who is still
entering an update and one who has been arrested (leaving his browser
open) and is serving a life sentence, except by the magnitude of
the idle time. Oh, yes, there's also computers crashing, power
failures, and suddenly getting disconnected from the Internet via
dialup lines (call waiting, line noise, someone picks up extension
and starts dialing, etc.).
I suspect those sites displaying users logged in are using timeouts
and not worrying too much about accuracy.
Gordon L. Burditt
Navigation:
[Reply to this message]
|