log out if all tabs closed - ruby-on-rails

I have an app, and user and session models there. New session creates when user logs in. and sessiond destroyes if user log out or close browser. But I want to add destroying session if user close all tabs with my app. Is it possible to do from scratch? If no what i should use?
Thanks in advance

You need to use window.name, here there is some solutions to control your application within different tabs: Multiple Tabs

Session variables are server-side, and tab closing is a client-side action, so you'd have to somehow send a signal to the server to clear those session variables.
The most obvious method to me would be to use the browser's onbeforeunload method and ajaxically send something to the server to clear the session.
Now you have to find a way how you will detect all the tabs of your site is closed.Because, if I have your site open in two tabs, this technique will clear the session on the close of the one tab, rendering the other tab useless (not usesless, just the rug might have been pulled from under this page, now that session is gone)

Related

How to warn user if he/she accidentally close/leave session at website?

We develop accounting system on a web with ASP.NET MVC and encountered this problem - if user is in the middle of the work and somehow manages to close browser all work is gone (and users are not geeks at all it did happen and will happen). Especially problematic at Chrome in Windows after they removed warning of closing tabs from philosophical reasons so now it will just shut down. We would like to be able to somehow catch this behavior. Also even when Firefox for example has warning that user is going to shut down his tabs - simple clicking the checkbox will remove it all again. So is it possible to keep track of this action to prevent user accidentally closing browser and lost all the work? Or is it even possible to do for example in Chrome? The solution would be simple warning window but it needs to show basically everytime if closing while our web application is alive. We don't want to keep session alive after closing browser for obvious security reasons. Also - it should work at Chrome, IE and Firefox. Thank you for your help.
you can try the below code:
window.onbeforeunload = function()
{
return "Are you sure you want to exit";
}
If your front end is using MVVM such as AngularJS or Knockout, or any of the other popular binding libraries, consider a different approach to preventing the user from quitting the page.
In a client-side interval, serialize your view model and store it in local storage.
When the save/exit condition for the current page is met, clear the local storage.
If the page is loaded again, and there is something in local storage, this means that on the previous session, the browser was closed before saving - so deserialize the local storage object back into the viewmodel (use a unique key per page) - you can combine this with some UI that tells the user that their previous state has been restored, click ok to continue or start over to start again (which would reset the viewmodel)
I should add that you'll have to watch out for multiple simultaneous tabs, so you may want to work around this by making the key unique somehow, e.g. creating two invoices simultaneously.
This essentially provides an auto-save but client-side only.
You can combine this technique with using window.onBeforeUnload as per Tejinder's answer, but as you cannot style the "unload confirmation" prompt, providing an auto-resume is a much better experience.

Durandal+Knockout to develop a Single Page Application: Selectively show portions of page based upon authorization

I am using Durandal, knockout to create a Single Page Application. I need to do following (two pretty simple things):
Show/hide widgets that are only for administrator, based upon the user's authorization,
Change menu options based upon whether user is authenticated or not (for anonymous show - login/sign up and when authenticated show "Welcome .." .
If this was a regular MVC4 application I would have done it using
#if (User.Identity.IsAuthenticated) { ... } check in razor views, but with views in durandal this is ruled out.
I want to avoid putting sensitive business logic in javascript - user need not know what kind of options could have been available to him if he was an administrator.
What's the best way to achieve this in Durandal & Knockout? I have been coding so far using classic ASP.NET and lately using ASP.NET MVC. Developing SPA using Durandal is a new game for me...If anyone can give me only steps/pointers to do this that will help a lot too..thanks in advance!
The way I do it.
My menus are build inside a menubar.js file. The menuItems are observableArrays([]) initially and I subscribe to a topic "user-logged-in".
When the user logs in, I get the user's permissions/roles and store them locally in storage. and then send out notification "user-logged-in" with the user data.
My menubar recieves the notification, checks the permissions/roles and adds various menu items appropriately.
the shell.html has a view composition for the menubar.js. So if there are menuitems, it shows up, else it does not. so when the user logs in, the menuItems are populated and at this point the menu items show up.
When the user logs out, I clear the local storage cache and send out a message "user-logged-out".
The menubar.js recieves this message and clears it's menu items, essentially clearing the menu on the menubar.htm
You can essentially do the same for the widgets and use a visible binding to a property which hides or shows for a particular permission/role.
Also important is router.guardRoute. read up on this so that people cannot directly go to a route without logging in.
Hope that helps

Ruby on Rails Sessions for new users

We have some sharing elements of our application where we embed logging IDs into the URL's that we share out. When a user clicks that URL, we add a record to our database so we can hopefully follow them throughout the registration process. We've found that if you reset your browser and go to the link the first time, there is no session info from the controller. However, all subsequent requests then have the session. It's almost like it's getting created after the first request.
We attempted to log it via ajax on the view, but this is cumbersome in all the places we want.
Anyone know what sessions wouldn't be available in the controller on first access for a new uesr?
I think you might have code in the wrong order. You must have the session creation before any logic can my applied to it.
Hope this helps.

Clearing session values on tab close

To my understanding the session variable gets cleared when a users closes their browser. Is there anyway to clear the session variable when a users closes a tab in a browser?
The reason I ask is that I need to differentiate two visits if a user is on the site and closes the tab but not the browser, and the user goes back to the site on a separate tab in the same browser session.
Session variables are server-side, and tab closing is a client-side action, so you'd have to somehow send a signal to the server to clear those session variables.
The most obvious method to me would be to use the browser's onbeforeunload method and ajaxically send something to the server to clear the session.
This is dangerous territory, though. Are you sure you don't want to allow the user to open and use more than one tab of your site at the same time? Because, if I have your site open in two tabs, this technique will clear the session on the close of the one tab, rendering the other tab useless (not usesless, just the rug might have been pulled from under this page, now that session is gone).
Check the following link for best answer:
Why Doesn't Closing A Tab Delete A Session Cookie? .
What you can do is append some random text in end of url's and store it for reference and if the users comes from new tab and doesn't has the random text appended, you can determine the user coming from different tab.

How to pass context around in a ASP.NET MVC web app

Ok, I'm a newbie to ASP.NET web apps... and web apps in general. I'm just doing a bit of a play app for an internal tool at work.
given this tutorial...
http://www.asp.net/learn/mvc-videos/video-395.aspx
The example basically has a global tasklist.
So if I wanted to do the same thing, but now I want to maintain tasks for projects. So I now select a project and I get the task list for that project. How do I keep the context of what project I have selected as I interact with the tasks? Do I encode it into the link somehow? or do you keep it in some kind of session data? or some other way?
As it sounds like you are having multiple projects with a number of tasks each, it would be best practise to let the project be set in the URL. This would require a route such as "/projects/{project}/tasks". It follows the RESTful URL principle (i.e. the URL describes the content).
Using session state will not work if a user possibly have different projects open in multiple browser windows. Let's say I am logging into your system and a selecting two projects opening in two tabs. First the session is set to the project of the first opened tab, but as soon the second tab has loaded, the session will be overwritten to this project. If I then do anything in the first tab, it will be recorded for the second project.
I use:
Session state for state that should last for multiple requests, e.g. when using wizards. I'd be careful not to put too much data here though as it can lead to scalability problems.
TempData for scenarios where you only want the state to be available for the next request (e.g. when you are redirecting to another action and you want that action to have access to the state, but you don't want it to hang around after that)
Hidden form fields [input type="hidden"] for state that pertains to the form data and that I want the the controller to know about, but I don't want that data displayed. Also can be used to push state to the client so as not to overburden server resources.
ok, From what I can tell, the best option seems to be to save it into the Session data
RESTful URLs, hidden fields, and session cookies are your friends.

Resources