I have asp.net web site in which user can login and also do logout
Now i need to capture the total time duration for which user was logged-in to the site.
So to do this i need to know two things
1. Login time
2. Logout time
At the time of login i can get the first thing which is "Login time", thats fairly easy
Now the second thing is more complicated. How do i update the Logout time? I know i can update it on the logout button but what if user directly close the browser?
I have setup the global.asax file but i dont think "Session_End" event will fire on closing the browser.
I have seen some of the website in which where you close the browser window it shows on dialog saying something like "press Ok to stay on the page OR press "Cancel" to stay on the current page". I am thinking i can use the UpdatePanel's PageMethods to do my task here. Is this possible? If yes then how?
Do you guys have any other idea to find out the total logged-in time for the user?
Thank you.
I haven't tried this but you can use the Window Close Event of the browser and make an ASP.net AJAX call to the server using AJAX page methods to end the Session, which you can catch in the Session_End event in global.asax file of your application.
There are some problems with this approach as the Window close event is not 100% guaranteed to fire, because the user can simple end the process using task manager.
Check https://stackoverflow.com/q/1824486/507184 for a jquery based solution for detecting browser close event
You can capture exactly time from login to logout. If your users login, then user logout after complete their work.
You cannot capture extracly time from login to logout. If your users login once, and never comeback, or they clear their browser cached and login again ....
So, the best way to do that, You check user's access every 15 minutes. Last 15 minutes, your users don't do anything in your site, you assume that they logged out.
Related
When the logged-in user clicks on the browser back button, he falls back to the login page from the main page he entered. And this happens without being routed in any way and running the controller functions because the browser's cache is loaded. I tried to clean all cache via middleware, but it didn't happen. Then, if the user tries to fill in his information from the login page and enter again, 419 page expired error is coming. I tried to do this with session checking method. I gave a key to the session, but the controller didn't recognize the key in the session because it didn't work. I looked through the history library (history.js) but couldn't find the solution as I wanted. My aim was to log out when the user presses the browser back button and show a box like Are you sure you want to exit, and then allow him to log in again. unfortunately, I couldn't do this in laravel I really need help and I can't find solution I think it can be done with AJAX or JS but I'm not sure. I am suffering from this situation for days. Your help will be rewarded. Thank you to everyone who has already read.
I have a problem and after some research online was unable to find other people with this same issue.
I'm designing a site that has sensitive data the user's work with in the page content. It uses CodeIgniter as well as CodeIgniter's session and cookie implementations to track user activity and determine when a session has expired. when sessions expire, the user has to log in again either through a sign-in portal or through a sign-in popup.
My issue is if someones working on their computer then just gets up and walks away from the browser, the session expires, but they didn't realize the session would expire then return to their computer to finish their work. There is a regular ajax call that checks if the user has been inactive, and if the time threshold is reached their session data will be erased and the session is no longer active. There is then a popup window prompting the user to sign in again if they want to keep working.
The problem is, how do I protect any sensitive data in the HTML in the meantime? You might think if the session expires just redirect the user away from the page, but if they're in the middle of something I don't want to erase all of their work. I could try just hiding the HTML using javascript, but then someone could just open the inspector to see the HTML. is there some way I could prevent anyone from seeing the page data at all unless the sign in a popup is completed?
Thanks for any input.
I don't know of anyway to protect their work like you're asking.
I'd suggest saving the users work in a draft format, as they enter it. Then if they walk away and get logged out it doesn't matter, the work is still there when they log on next.
In my project, when user logs in, then I make an entry in A table Called LogTable and show it to the Admin Page that this user is online. And when user clicks on the log out button, then I delete data of that user from the log table, so this user is not shown online to the admin.
Now the main problem is that if user will close his browser without clicking that button, then how to delete those data.
Or what can be other way to achieve it in the best way?
I want that if user logs in from one system and tries to login from another system, then firstly we show that you are logged in another system and if she/he clicks on retrieve, then her/his other login automatically logs out and she/he has to login again.
Integrate your c# with javascript, javascript detect browser close, if you want to delete your data from db then you have to make http request for deleting data in this function. Try to interate it or make xml ajax request when browser is closing.
$(window).bind("beforeunload", function() {
return "write your code over here for deleting data.";
})
I would suggest reading up on the ASP.NET life cycle here and here.
Usually, we store that information using Session state.
The session is created for each user individually and will be automatically destroyed after a certain amount of inactivity or after the user has moved away from the page.
You could possibly use Application state.
But application state is shared among all users and persists until the last user has navigated away from the site.
I hope this helps :)
How to send user to a login page if his account logged in from another device / browser (without waiting for a page refresh)?
I want the page to be available at the same time in only one browser at a time. If a user entered from somewhere else, the previous device must be forced to open authorization form.
I think is possible to use something like Server-sent events, but this method is not supported in IE, and I do not know how to use it.
I would be grateful for the help.
I've been banging my head against a wall with this one for way too long now.
I have a page outside facebook, with a like-button. Because it should be on a public computer, we also need a visible logout-button. When "like" is clicked, the user is prompted for login credentials. If those are ok, the like-event goes through ok. The user then should be able to log out. Which doesn't work.
The like button is now an -element. When clicked, it creates an edge.create-event that I can catch nicely.
For Logout button, i've tried 2 options.
First one:
<fb:login-button autologoutlink="true"></fb:login-button>
problem with this is, the link stays as "login" even after the user has logged in through the like-link, even after page refresh.
and a plain button, that triggers
FB.logout(function(response) {
cout(response);
});
This returns an error "FB.logout() called without a session." this seems to be because the user hasn't authorized the application. So the application has no rights. Both logout-options work fine IF the user has authorized the application. Problem is, this is only asked when the "login"-button is clicked. In this use case it wouldn't make sense for the user to first login and then click like.
Any ideas how to get the logout to work without getting the app authorization from the user?
Or how to make "like"-button in a way that it will ask for the app authorization?
I don't think it is possible.
You can check if somebody is currently logged in to facebook but not your up, that's about the most you can do. If a user is not authorized your app then you can't do anything with their login session (or data).
I don't think you should worry about public computers though, it is facebook's problem after all, not yours. If a user checks "remember me" on a public computer during login then they most likely won't click your logout button either.