Clearing session values on tab close - ruby-on-rails

To my understanding the session variable gets cleared when a users closes their browser. Is there anyway to clear the session variable when a users closes a tab in a browser?
The reason I ask is that I need to differentiate two visits if a user is on the site and closes the tab but not the browser, and the user goes back to the site on a separate tab in the same browser session.

Session variables are server-side, and tab closing is a client-side action, so you'd have to somehow send a signal to the server to clear those session variables.
The most obvious method to me would be to use the browser's onbeforeunload method and ajaxically send something to the server to clear the session.
This is dangerous territory, though. Are you sure you don't want to allow the user to open and use more than one tab of your site at the same time? Because, if I have your site open in two tabs, this technique will clear the session on the close of the one tab, rendering the other tab useless (not usesless, just the rug might have been pulled from under this page, now that session is gone).

Check the following link for best answer:
Why Doesn't Closing A Tab Delete A Session Cookie? .
What you can do is append some random text in end of url's and store it for reference and if the users comes from new tab and doesn't has the random text appended, you can determine the user coming from different tab.

Related

How to warn user if he/she accidentally close/leave session at website?

We develop accounting system on a web with ASP.NET MVC and encountered this problem - if user is in the middle of the work and somehow manages to close browser all work is gone (and users are not geeks at all it did happen and will happen). Especially problematic at Chrome in Windows after they removed warning of closing tabs from philosophical reasons so now it will just shut down. We would like to be able to somehow catch this behavior. Also even when Firefox for example has warning that user is going to shut down his tabs - simple clicking the checkbox will remove it all again. So is it possible to keep track of this action to prevent user accidentally closing browser and lost all the work? Or is it even possible to do for example in Chrome? The solution would be simple warning window but it needs to show basically everytime if closing while our web application is alive. We don't want to keep session alive after closing browser for obvious security reasons. Also - it should work at Chrome, IE and Firefox. Thank you for your help.
you can try the below code:
window.onbeforeunload = function()
{
return "Are you sure you want to exit";
}
If your front end is using MVVM such as AngularJS or Knockout, or any of the other popular binding libraries, consider a different approach to preventing the user from quitting the page.
In a client-side interval, serialize your view model and store it in local storage.
When the save/exit condition for the current page is met, clear the local storage.
If the page is loaded again, and there is something in local storage, this means that on the previous session, the browser was closed before saving - so deserialize the local storage object back into the viewmodel (use a unique key per page) - you can combine this with some UI that tells the user that their previous state has been restored, click ok to continue or start over to start again (which would reset the viewmodel)
I should add that you'll have to watch out for multiple simultaneous tabs, so you may want to work around this by making the key unique somehow, e.g. creating two invoices simultaneously.
This essentially provides an auto-save but client-side only.
You can combine this technique with using window.onBeforeUnload as per Tejinder's answer, but as you cannot style the "unload confirmation" prompt, providing an auto-resume is a much better experience.

already logged page should be display when open new tab in struts2

I developing Struts2 project.
In that project the user can log in and do something its work fine.
If that user open the new tab and type my project url it will show the same page(after login page).
How do I implement the above scenario?
One way would be doing like described here, in a question almost identical to your (concept is the same, only the implementation, on .NET, differs).
Calculate an unique value each time you pass in the Action, then put
it in a session variable (that is server side) and use it to feed an
hidden field on the web page (that is client side).
When the page will post back (submit) the form containing your hidden field, you
will see if the page field and the session field are the same.
If yes: it is (the only OR) the last page / tab opened.
If no: you are trying to submit the form from a page that is not the
last page opened.
This way, you will always have only one instance of the web application, and if you open another instance of the web application in a new page / tab, it will invalidate the previous one: only the last opened will be valid (because of multiple hidden fields, one for each page, but only one session variable).
IF you really need (do you?) to prevent the user opening a new tab instead of ensuring a single instance for the web-app, start working from this principle and eventually come back here (better with some code)

Url opens only on clicking link

Is there a way to ensure that a url successfully loads page only on clicking the link provided on a page and preventing url to open if the url is copy pasted in the browser address bar and Enter key is pressed ?
Edit
Session variables is the answer .. very silly question
You can't. Its a browser function and you don't have any control over it.
Users can't be outright prevented from this.
You can try to make it tough though, for example through hidden POST data or through a "proxy" link which acts as a gateway to your page. Session variables come to mind in this case, since you have effectively moved the locking logic server-side.

log out if all tabs closed

I have an app, and user and session models there. New session creates when user logs in. and sessiond destroyes if user log out or close browser. But I want to add destroying session if user close all tabs with my app. Is it possible to do from scratch? If no what i should use?
Thanks in advance
You need to use window.name, here there is some solutions to control your application within different tabs: Multiple Tabs
Session variables are server-side, and tab closing is a client-side action, so you'd have to somehow send a signal to the server to clear those session variables.
The most obvious method to me would be to use the browser's onbeforeunload method and ajaxically send something to the server to clear the session.
Now you have to find a way how you will detect all the tabs of your site is closed.Because, if I have your site open in two tabs, this technique will clear the session on the close of the one tab, rendering the other tab useless (not usesless, just the rug might have been pulled from under this page, now that session is gone)

How to store user preferences? Cookie becomes bigger

My application (Asp.Net MVC) has great interaction with the user interface (jQuery/js). For example, setting various searches charts, moving the gadgets on the screen and more .. I of course want to keep all data for each user. So that data will be available from any page in the Dumaine and the user will accepts his preferences.
Now I keep all data in a cookie because it did not seem logical asynchronous access to the server each time the user changes something and thet happens a lot.When the user logout from the application I save the cookie to the database.
The Q is how to save the settings back to the db - from the client to the server.
because the are a lot of interactin that I want to record.
example scanrios: closing widget,moving widget,resizing menues, ordering columens..
I want to record that actions. if I will fire ajax saving rutine for each action
ןt will be too cumbersome. Maybe I have no choice..
Maybe I should run an asynchronous saving all of a certain interval seconds.
The problem is the cookie becomes very large. The thought that this huge cookie is attached to each server request makes me feel that my attitude is wrong.
Another problem cookies have size limit. It varies from your browser but I definitely have been close to the border - my cookie easily become 4kb
Is there another solution?
Without knowing your code, have you considered storing the users preferences in a/your database. A UserPreference table with columns for various settings is a possibility.
You could update it via AJAX/JSON if you had a 'Save Preferences' option, or just update it on postback.
EDIT 1: After thinking about it, I think having an explicit 'save preferences' button would be beneficial and practical.
Somewhere on your page, where the use edits the things that generate the cookie, put an button called save, then hook up a jQuery click handler. On click, build a CSV string or another method of storing the preferences for posting back to the server, then use $.post to send it back to an action method in a controller.
Once there, store it in the database somehow (up to you exactly how), then return a JSON array with a success attribute, to denote whether the preference storing was successful.
When the page is loading, get the preferences out of the database and perform you manipulation.
Another solution would be to store the user preferences into the session and write some server side logic (like action filter) that would write those preferences as JSON encoded string on each page (in a script tag towards the end of the markup) making them available to client scripts.

Resources