Hi everybody, I''m pretty new in rails so I''ve been "playing" programming simple app one of the was an app with a login and session management. Up to here, everything is pretty smooth, as rails; but I have a question that I can solve, that''s why I''m writing to the group. Is there a way to catch the browser close event? I want it to end the users session, because if the user close the browser and try to sign in, I get the "user already logged" message. I hope someone can help me! Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Mar 2, 4:04 pm, Hiro <hiromoto.hiro...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hi everybody, > > I''m pretty new in rails so I''ve been "playing" programming simple app > one of the was an app with a login and session management. Up to here, > everything is pretty smooth, as rails; but I have a question that I > can solve, that''s why I''m writing to the group. Is there a way to > catch the browser close event? I want it to end the users session, > because if the user close the browser and try to sign in, I get the > "user already logged" message. >well windows do have an onclose event but I''m not sure that an ajax request fired from there would work (the browser might just destroy everything associated with the page at that point). Even then you''d have to deal with browsers crashing, internet connections dropping out etc. so my advice would be to not relying on detecting the end of someone''s session and make your login code a bit more flexible. Fred --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> > I''m pretty new in rails so I''ve been "playing" programming simple app > > one of the was an app with a login and session management. Up to here, > > everything is pretty smooth, as rails; but I have a question that I > > can solve, that''s why I''m writing to the group. Is there a way to > > catch the browser close event? I want it to end the users session, > > because if the user close the browser and try to sign in, I get the > > "user already logged" message.If the user is already logged in, why not have the session controller redirect them to an appropriate page? Also, If you want the user''s session to end when the browser is closed, just use a session cookie. SH --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
[..]> > If the user is already logged in, why not have the session controller redirect > them to an appropriate page?Since I''m building rails app just for learning proporses this could work, but what happend if this were a real app and another person tries to log-in using the same user-pass, it would allow 2 or more people logged with the same user.> Also, If you want the user''s session to end when the browser is closed, just use > a session cookie.I''ll check what a session cookie is and write if that worked.> SHThanks for the reply!!! Hiro --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> Since I''m building rails app just for learning proporses this could > work, but what happend if this were a real app and another person > tries to log-in using the same user-pass, it would allow 2 or more > people logged with the same user.Two different problems. 1) Different people are able to login at the same time with the same username using different PCs. To prevent that you need to write into the database when someone is logged in and have them logout or timeout. 2) Someone on one PC logs in, closes the browser, re-opens the browser and attempts to login again. That is what''s giving you a problem in your original post. So do what was recommended and automatically login the user if they still have a valid session.> I''ll check what a session cookie is and write if that worked.A session cookie expires when the user closes their browser. If you really want to force the user to re-login when they close the browser and then re-open it soon thereafter this is the way to go. But this doesn''t at all prevent multiple people from using the same username/ password at the same time. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
psujohn wrote:> A session cookie expires when the user closes their browser. If you > really want to force the user to re-login when they close the browser > and then re-open it soon thereafter this is the way to go. But this > doesn''t at all prevent multiple people from using the same username/ > password at the same time.Doesn''t Rails use a session cookie by default. In fact, by default, the entire session state is stored in a session cookie. It''s my understanding that extra code must be added to maintain a user''s session from one browser launch to the next. Maybe I''m missing something here? -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
[..]> > Two different problems.You''re right, they''re two different problems, now I see it more clearly.> > 1) Different people are able to login at the same time with the same > username using different PCs. To prevent that you need to write into > the database when someone is logged in and have them logout or > timeout.I''ll try that, if I understood I need a sort of flag[in db] that indicates me if a user is connected or not and validate that flag in the login.> 2) Someone on one PC logs in, closes the browser, re-opens the browser > and attempts to login again. That is what''s giving you a problem in > your original post. So do what was recommended and automatically login > the user if they still have a valid session.OK, I''ll do as recommended!> > > I''ll check what a session cookie is and write if that worked. > > A session cookie expires when the user closes their browser. If you > really want to force the user to re-login when they close the browser > and then re-open it soon thereafter this is the way to go. But this > doesn''t at all prevent multiple people from using the same username/ > password at the same time.I''ll try it, too. But I think the point 2 it''s a better solution Thanks for the reply!!! I''m going to try this new things and write if it worked! Hiro --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hello Hiro, On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote:> Is there a way to catch the browser close event?There is no reliable way to do this.> I want it to end the users session, because if the > user close the browser and try to sign in, I get the > "user already logged" message.Do you want closing the browser to end the user''s session? Or are you just wanting to avoid the user trying to sign in and getting an error message when they already have a valid session and don''t need to sign in? The first is difficult. The second, easy. Let us know. Best regards, Bill --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
I second Bill. H On Mar 2, 8:59 pm, bill walton <bwalton...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> Hello Hiro, > > On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote: > > Is there a way to catch the browser close event? > > There is no reliable way to do this. > > > I want it to end the users session, because if the > > user close the browser and try to sign in, I get the > > "user already logged" message. > > Do you want closing the browser to end the user''s session? Or are you > just wanting to avoid the user trying to sign in and getting an error > message when they already have a valid session and don''t need to sign > in? The first is difficult. The second, easy. Let us know. > > Best regards, > Bill--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
[..]> > Do you want closing the browser to end the user''s session? Or are you > > just wanting to avoid the user trying to sign in and getting an error > > message when they already have a valid session and don''t need to sign > > in? The first is difficult. The second, easy. Let us know.The first one. Maybe it wasn''t clear but I''m doing this app from scratch (trying to learn ruby and rails)... so I can avoid the error message because I wrote it. I haven''t check the cookie session stuff... but if there other options or answers I''ll glad to hear (actually read) them. Thanks!! everyone for the answers!!! Hiro --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Mon, Mar 2, 2009 at 7:59 PM, bill walton <bwalton.im-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Hello Hiro, > > On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote: > >> Is there a way to catch the browser close event? > > There is no reliable way to do this.<html> <head> <title></title> <script language="JavaScript"> <!-- cancel = 0 window.onbeforeunload = bunload; function bunload() { if( cancel != 1 ) { dontleave="You must click the submit button below to complete the sharing"; return dontleave; } } function cancel_bunload() { cancel = 1; } //--> </script> </head> <body> Please stay on this page! <br><br> <a href="confirm_close.html">A link the user shouldn''t click</a> <br><br> <form method="post" action="confirm_close.html"> <input type="submit" name="submit" value="submit" onclick="cancel_bunload()"> </form> </body> </html> -- Greg Donald http://destiney.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
> window.onbeforeunload = bunload; > function bunload()The beforeunload event is also fired on page refresh & when you browse away from the current page. Also, what happens if the power goes out on the user''s computer? Really, there''s no way to detect a real "browser close" event in a way that works 100% of the time. The closest thing you can do is to have the browser continually ping the server, then detect the absence of that ping. But that would be extreme overkill for this situation. SH --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Mar 2, 5:09 pm, psujohn <psuj...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Since I''m building rails app just for learning proporses this could > > work, but what happend if this were a real app and another person > > tries to log-in using the same user-pass, it would allow 2 or more > > people logged with the same user. > > Two different problems. > > 1) Different people are able to login at the same time with the same > username using different PCs. To prevent that you need to write into > the database when someone is logged in and have them logout or > timeout.As someone who''s used an app with this behavior - just don''t do it. Network outages = fail, PC craps out = epic fail. The app in question was even more restrictive - it tracked the IP the user was logged in, and wouldn''t permit logins on other IPs. A tech had to manually unlock accounts to get users back online. NOT GOOD. There''s also no reason to ever do this - if a malicious attacker already has a user''s login AND password, the game is over. "One session per account" is just going to annoy legitimate users (who forget to logout before going to work, etc.) --Matt Jones --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
bill walton wrote:> Hello Hiro, > > On Mon, 2009-03-02 at 08:04 -0800, Hiro wrote: > >> Is there a way to catch the browser close event? > > There is no reliable way to do this. > >> I want it to end the users session, because if the >> user close the browser and try to sign in, I get the >> "user already logged" message. > > Do you want closing the browser to end the user''s session? Or are you > just wanting to avoid the user trying to sign in and getting an error > message when they already have a valid session and don''t need to sign > in? The first is difficult. The second, easy. Let us know. > > Best regards, > BillBill... I''m trying to have the user session expire on a browser close. Is there an easy way of doing that? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.