Re: How to detect that user closes the user-agent window ?


Luke Matuszewski wrote:
> Ok here is a solution (based on hidden popup window):
> We want to detect that page.html was unload'ed by exiting browser
> window and not by reloading or going to another page.

Well, it is rather old sniffing trick to know where user are going from
your page. It was one (but not the only one) of reasons why popup
blockers killed the window.open() technics this year. Did you try this
way on any modern configuration from the web (not from your local
drive)? Firefox 1.x anywhere, IE 6.0 XP SP2 etc.

As I said several time, session state in browser is very opposite to a
usual desktop application. You don't ask user to save a file, or stay
on the surrent page or lock some action until another action is
finished. You don't do it because you simply cannot do it in the
browser. And if you find a way then it will be some privacy or security
exploit which will be eventually fixed.

The only way you can handle reliably a session based navigation (where
a transaction goes through a set of page / forms) is the *state
snapshot*
You have this mechanics for IE (userData behavior), you have it now in
FF (XPCOM) and W3C are finally started to put it all together. To give
a closest analogy think of a notebook. Usually you can simply close the
cover and it goes off. But the next time you open the cover and in few
seconds you're getting the system in that exact state you had last
time.

State snapshot works the same way: onbeforeunload system makes unstand
snapshot of all registered "state keepers" (form elements, pictures,
text) and user leaves to wherever she wanted without delay and without
any unwanted harassement from your part.
But the next time she comes back (if ever) the page will be in that
exact state as before leaving including every single switch position in
the form.

It is a bit unusual in comparison of desktop applications management
and it is more labor intensive then simply spit out an alert "Stay here
or your data will be lost". So I predict that people will try first all
other tricks before admit that this is the only way :-)

Of course there is always an old good way with server-side session
file. It is very reliable, but I'm talking about client-side solutions.

.

Relevant Pages

  • Re: ASP sessionstate
    ... ASP doesn't know or care what browser it ... ticket number given when the first item is added to the cart. ... How can a Response.Write write to the server screen? ... :> delete the cart file and set the session ...
    (microsoft.public.inetserver.asp.general)
  • "Compaq Web Agent" management session can be re-used without the need to perform authentic
    ... destructive actions (as server reboot). ... Compaq Web Agent Service 6.0.0.0 using Compaq HTTP Server 5.1.0 on ... servers via a secured HTTP session from a browser client, ... via a legitimate authenticated SSL session - if he closes the session by ...
    (Bugtraq)
  • Re: Attempt to de-mystify AJAX
    ... >>maintaining a session via URL is not a problem. ... >> around cookies and JS, but it seems to be tough. ... >> as needed back to the server. ... but as I mentioned before - a non-dynamic request by the browser can ...
    (comp.databases.pick)
  • Re: Problem with a session
    ... Your first posting was a bit vague, but now I understand your problem. ... the POSTDATA and sets againg the session variable to true and anyone ... This IS a real problem, and you cannot 100% solve it. ... try to tell the browser NOT to chache it. ...
    (comp.lang.php)
  • Re: php session without cookie useage
    ... >>> browser or the application to maintain the state if needed. ... >>> transfer a session key created on login to subsequent pages via a POST ... >>> browser via a cookie or via POST or GET. ... > That may block legitimate users using a round-robin proxy (different ...
    (comp.lang.php)