Maintaining Sessions in multiple windows/tabs

[Zilflic]

I have a system that is required to force a page to its main section after thirty minutes of inactivity. Then after another hour of inactivity the user is logged out. I have done this using JavaScript, but now have a problem with multiple widows open. When a user is using only one window/tab and leaves the other one inactive for an 1 ½ hours then logging off unsets the first window/tab’s session variables. The problem arises if they are currently editing a page in the active window/tab.

My main question is what is the best way to keep track of the windows/tabs open so that I do not log them out until all tabs are inactive or the user logs off? Would a database counter be the best way?

Thanks!
Ann

----------------------------------
Abartone at gmail dot com

 

[DRJ478]

This is browser specific.
Mozilla/Firefox tabs keep the same session ID. IE instances obtain distinct session IDs as they are individual processes.
WHy don't you rely on the session expiration settings to 'destroy' the session variables? They will be taken out by the garbage collection routine.

Also, there is no way to determine if the browser holding asession is closed or not. That's why the expiration time for sessions is there.

 

[Zilflic]

Thanks, I think we are pointed in the right direction. I would like to share our thoughts on what we are going to do to make sure we are on the right path.

On our edit an item page we are going to redirect them (using JavaScript) to a different page to unlock that record. On a page with the item’s details we will refresh the page and compare timestamps as to if we need to query the database again.

Then following your suggestion we will set the session to expire when the log in. Each time they refresh the page or go to the next page we will take the current time to expire and add 30 min. to that value (with some logic for the item details to not keep them logged in).

The reason for upping the session time is because this system is only on an intranet. Some computers will be shared, which is why we have to log them out after a set time. Other people who do not share the computer would be quite annoyed if they had to login every half-hour.

Its crazy developing for the web-world…

Thanks,

Ann

----------------------------------
Abartone at gmail dot com

 

[jemminger]

>> " IE instances obtain distinct session IDs as they are individual processes."

in my experience, this is not true. windows spawned by an application via javascript or target="_blank" will keep the parent's session id.

furthermore, can you imagine the programming nightmare for EVERY session-dependant site on the web if this were true?




-jeff

http://www.jeffemminger.com

try { succeed(); } catch(E) { tryAgain(); } finally { rtfm(); }
i like your sleeves...they're real big

 

[DRJ478]

jemminger
My statement holds true, but let me explain in more detail: IE instances obtain distinct session IDs when invoked individually and using cookie based sessions.

It is correct that child instances spawned from with a window.open or target="_blank" will retain the parent's cookies.

Cookies that are saved in the cookie cache on the machine are entirely a different story.