Session Timeout

Hi All,

Since this is related to Session am creating a new thread.

In banks sites we can’t login twice, As soon as we logged in they will insert 1 record in DB and the same user can’t login again, If the user forgot to sign out the session and closed the window directly. How they were identifying that.

I checked few sites, session time out is 10 mins. After logging in I closed the window again I tried to login immediately and it’s worked.. How they were identifying window close.

Please assist us

You may do as Gmail do. try to look at they source.

When you are writting an email and want to close the windown without saving it first, they will display a message.

Thanks Hebert..

But Gmail is simply giving a alert on unload event or onbeforeunload event. In case if the user overridded that alert. How to handle that situation ?

What if they have JavaScript turned off?

What makes you think starting a new thread is going to give you different answers than the first one?

(And I can log in to *my* banks twice just fine. Why? Because it doesn't *MATTER* if I log in twice. How about you just change your login code to handle it appropriately?

Good David... But My banks are not allowing

.

Also I like to track the logout time of the users. Is there any other alternative way.. ? without session timeout option.. if so please assist.

Again: what makes you think the answers will be any different in this thread?

May be onunload they are calling a js function which sends a request to the server to remove the session details from the DB.

I tried this... Submitting a AJAX request on onunload event. But am unable to send the request to server in firefox.

What if JavaScript is turned off? What if their browser crashes? You'd lock me out for the duration of the session timeout because my browser crashed or someone tripped over my computer cord?

yeah, i agree with David, that there are situation when it will not work.
I even have seen sites in which we have to call the customer care for this issue.
JS is one of the possible ways to handle this.

There may be many other ways:

Like if a user login through a new windows, we can end the session in the previous opened window after making a check in the DB with the operation performed by the user in the mean time if any work was done for the previous window( i believe banks will have all datas for audit so a check can be made at server side in your case).

Some background procces can be used to reset the user after certain time if he is inactive.

There may be more possible ways of implementation(which i may not know) and it will differ for site to site. But still believe there will be flaws.