How can I logout a user from all open tabs automatically when user logs out in one of them?

Question

I have created a Login page, amongst many others pages, which contains code to check the session. If the user doesn't have a session then all pages will reload and redirect to the logout page. This script is called every three seconds.

The code I've written is working fine but I want implement it another way. When the user logs out, all open tabs reload/refresh causing the user to be logged out. Is that possible?

sessioncheck.php:

<?php session_start(); if(isset($_SESSION['username']) && $_SESSION['username'] != ''){     echo "true"; } else {     echo "false"; } ?> 

This code is in every page footer:

<script>     function gettatus(){         $.get("sessioncheck.php", function(data){             if(!data) {                 window.location = "logout.php";             }             setTimeout(function(){                 checkLoginStatus();             }, 3000);         });     }     $(document).ready(function(){         gettatus();     }); </script> 

Answer 1

When ajax is useful

Making an ajax request to your server every 3 seconds is useful just in case 1. you have opened tabs in different browsers 2. or in many computers. 3. or you use very old browsers

Setting cookie doesn't work.

Approach using setting cookie doesn't work since one tab is not aware of changed cookies in another tab. That's because of document (where cookies are got from with getCookie) of tab A is not changing without request to a server. You can open two tabs of SO and try to set setCookie('name', 'val', 1) in one tab and look at document.cookie in the other tab.

How to make another tabs knew about logout immediately

If you need to logout all tabs of the same browser, it would be great to pass signals between tabs. There are a couple of methods, I want to tell you about using localStorage (demo here).

You can attach a listener to a storage event (fired when storage item is changed) and send a logout-event signal.

localStorage.setItem('logout-event', 'logout' + Math.random()); 

Every other tab will get it with a listener.

window.addEventListener('storage', function(event){     if (event.key == 'logout-event') {          // ..     } }); 

What if old browsers without localStorage

You can use both approaches - localStorage and auto-refresh, for example every 60 seconds, just to be sure it works when tabs are opened at different computers. If localStorage doesn't work (very old browsers), auto-refresh every 3 seconds.

The following fiddle shows how to deal with it.

What else?

You can use node.js + socket.io to send signals between all browsers of a user. It works rapidly and will logout a user on every device, but it is a little harder to deal with than a common jQuery.

Answer 2

lets consider somethings that you are using php session and you are checking following code every time you are loading your pages or after some time duration

<?php     session_start();     if(isset($_SESSION['username']) && $_SESSION['username'] != '')         echo true;     else          echo false; ?> 

So on your logout.php file you are probably doing something like this unset($_SESSION['username']); and session_destroy();

Therefore when your page will call that checking php you will find false in return and that following user will no longer get access from any browser and any pages. And For automatically logout try this

$sessionTTL = time() - $_SESSION["timeout"]; if ($sessionTTL > $inactive) {     session_destroy();     unset($_SESSION['username']);     echo false; 

Note: you must set $inactive = 6000;(for example) as global variable while login