help with session_onend

chinedu · October 25th, 2004, 07:21 PM

HI, please i need help with my script, i have designed an application which will serve users and keep track of the amount of time spent by each user. This works very well when a user signs out using the sign out hyperlink provided, but when a user "abadons" his session i.e does not perform an operation for 20minutes, i will be relying on session_onend to log him out and deduct total time spent from his account. The problem is that i cannot get session_onend to do that, from what i have read in the forum, it seems session_onend is a bit unreliable, is there a better way to do this? I am using a simple text file to which i use session_onstart to record the log in time, at the end i want to subtract the log in time from the log out time to be determined from session_onend. please help

bmains · October 26th, 2004, 06:42 AM

Hello,

It's kind of hard to track log out time in a web application. Best thing would be track when they click the logout button, but you can't always expect that of course.

Brian

happygv · October 26th, 2004, 07:11 AM

May be you can track, if the user tries to click the window's close button, without logging out. You can google to see if any scripts available to that effect. If so, you can trap that and post to another page where it properly logs the user out and thus track the time. Let me post if I find anything useful.

Cheers!

_________________________
- Vijay G
Strive for Perfection

bmains · October 26th, 2004, 09:02 AM

I think IE has a javascript event for that (not entirely sure)... the problem is whether you can cancel that, redirect, and then close the browser with a function. It is possible that if code tries to close a browser, a message pops up asking the user whether they want to allow it (based on browser security settings).

Brian

chinedu · October 26th, 2004, 02:25 PM

Hi, thanks for the help so far, but i want to understand why code placed in global.asa session_onend cannot work. ie, when the user "abandons" a session, and a session time out period has elasped, why will script placed in the session_onend event not work to log out the user.

psuedo code may look like this

Sub session_onend()
'note abondment time after time out period has elasped
endtime=now()

'write end time to text file

end sub

rajanikrishna · October 26th, 2004, 08:24 PM

Hi

session_onend()

will not be fired when session.timeOut occurs i.e if the session is idle for 20 mts(default).
If you manually abandon session then session_onend will be fired

----------
Rajani

mat41 · October 26th, 2004, 09:20 PM

chinedu

Ahhh another great session post. IMO its a MS floor thats been talked about many times on many forums (this one being the best of course)

I have done this using the onUnload event in the <body> tag:
Submit a form onUnload that calls session.abandon()
BUT
This event gets fired when the browser is refreshed unfortunatly, not ideal and a bit of as half ass solution.

Wind is your friend
Matt

happygv · October 26th, 2004, 09:57 PM

Trapping the close button click might depend on the browser settings, (though I haven't reseached on that) So this might me tricky. I remember something similar to this was discussed sometime back in one of these forums that it is better to store the user online status details in the database. You could search here on that. I could find only a few related to this, you may take a look at those here.

Urgent ! Find Online Users

How to view how many users are on website...

users online

Are you charging the users for the time used?

Let me explain that in brief.

You could record the time a user logs in. (say "LogTimeIn")
Then everytime the user browses any page within the site, record the time in another field, say "LastTimeAccessed". If the user leaves the page as it is for 20 mins(default session timeout), then the session would time out or if the user closes the browser as such without logging out, still you have the time the user last accessed a page on the site recorded into db/text file. This can be used to find the total time spent for his account.

But here the question is, whether to consider the "LastTimeAccessed" as the logout time or not in such cases. May be you can have a logout_flag set to FALSE by default and set that TRUE only if a user leaves the website using the logout button and use that logout_time as "LastTimeAccessed". But for such users who do not logout, but close the browser or leave it as it is more than session timeout, may be you can penalise those users with logout_flag as FALSE with an additional 5-10 mins or so for commiting a crime of not logging out properly.;)

Hope that helps.
Cheers!

_________________________
- Vijay G
Strive for Perfection

happygv · October 26th, 2004, 10:13 PM

Quote:

quote:BUT
This event gets fired when the browser is refreshed unfortunatly, not ideal and a bit of as half ass solution.

In that case, how about comparing ASP filename from the HTTP_REFERER and SCRIPT_NAME servervariables to check if the same page was refreshed again, and execute that piece of code only when those two variables do not contain the same filename in them. That should be useful to get rid of that BUT... scenario.

Cheers!

_________________________
- Vijay G
Strive for Perfection