Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can you display a session timeout warning that is smart enough to handle multiple open browsers or tabs

I have implemented a session timeout warning using javascript that simply asks the user if they want to extend their session or logout. The problem is that this is for an intranet portal where power users will often have several browser windows or tabs open at the same time to the application. Currently, they will be prompted that they are about to be logged out from every browser window. How can I make the code smarter to detect that they are actively using another browser session?

like image 518
Joel Avatar asked Dec 12 '08 19:12

Joel


People also ask

How do I alert someone before session timeout?

First things first: When you want to warn the user 5 minutes before the 15 minutes timeout, the warning shoud be displayed at 10 minutes after page load. setTimeout( function() { alert("Your session will expire in 5 minutes."); }, 10*60*1000);

How does session timeout work?

Session timeout represents the event occuring when a user does not perform any action on a web site during an interval (defined by a web server). The event, on the server side, changes the status of the user session to 'invalid' (ie.


2 Answers

You'd have to check the session state on the server using Ajax and keep track of all the open sessions/windows the user has. You'd then be able to target only one of the available sessions with the log out warning.

In response to your comment:

Don't use the built-in session mechanism, devise your own using an server-side presistent array or a database log.

No, nothing in the HTTP request tells you how many browsers are open, but you can assign your own sessionID cookie as the user opens each browser window. Make an Ajax call to the server, see if the user has timed-out, and if you're the lowest (or last) entry in the session log then you're the browser that gets the warning.

like image 137
Diodeus - James MacFarlane Avatar answered Sep 22 '22 04:09

Diodeus - James MacFarlane


You can't count on all tabs/windows to be part of the same Session, because they could be spawned and contained within separate processes and you don't have much control over that.

But if your code references a Javascript cookie, you can check your pseudo-session state via a postback (synchronous or asynchronous AJAX). But then you're depending on cookies being enabled on the user's browser.

like image 42
Kon Avatar answered Sep 22 '22 04:09

Kon