| Re: how to unset session variable when leaving page [message #174743 is a reply to message #174742] |
Fri, 01 July 2011 16:35   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 7/1/2011 8:00 AM, Denis McMahon wrote:
> On Fri, 01 Jul 2011 05:36:55 -0400, Jerry Stuckle wrote:
>
>> On 6/30/2011 11:41 PM, Martin wrote:
>>> On Jun 27, 7:48 pm, Co<vonclausow...@gmail.com> wrote:
>
>>>> [how do I clear a session when leaving a page]
>
>>> [onunload javascript event calling a server side script]
>
>> Which is not at all reliable. Better to code the server side properly.
>
> Yes it's unreliable, and in this case there is a server side solution
> (after all, the server knows which page is being requested, and the
> referring page, and the contents of any post or get data, so in this case
> there is a server side solution).
>
> However, concerns about relying on javascript aside, using an unload
> javascript event to call back to the server when the page is unloaded is
> as far as I know the only active method that can be used to signal that
> the user has browsed away from a web page, as opposed to passive methods
> based on session timeouts. Yes, I agree that it is not perfect, and it
> needs to be backed up with a session timeout anyway, but it's the only
> mechanism that provides for even a chance of the visitor's browser
> actively telling the server "byebye".
>
> Unless, of course, you have a better method to suggest to us.
>
You code your scripts so they don't depend on the session being cleared
when the user leaves the page. Rather, I look at the incoming data to
see how the page needing the session data was requested, and start from
scratch if it's a new request, i.e. to a search page. Another way when
you have multiple pages in a sequence is to place a token in a hidden
field on each page, identifying where the user is in the series. Not
secure, but it doesn't look like the user is looking for security here,
anyway.
I've never had to worry about clearing the session data when the user
leaves the page.
> There is I believe another flaw in the logic that underlies the OP's
> code, and it's a flaw that caught me out when I started using sessions.
> He needs to consider the possibility that his visitor will have multiple
> pages from his website open at once in different tabs, and these will all
> be part of the same session.
>
> Thus it is possible for:
>
> request page 1 from google search [lastPage = null, ref = google]
> request page 2 from page 1 [lastPage = 1, ref = 1]
> request page 3 from page 2 [lastPage = 2, ref = 2]
> request page 4 from page 1 [lastPage = 3, ref = 1]
> request page 5 from page 2 [lastPage = 4, ref = 2]
>
> If he is tracking the current page in his session data contents, then at
> the point page 5 is requested, he may be assuming the visitor is coming
> from page 4 unless he also tracks the referrer at each request. I didn't
> see any indication in his code that he does this.
>
> Of course, it may not matter, but then if it doesn't matter, I wonder why
> he's worrying about the issue of unsetting session data when the users
> browses to another page anyway.
>
> Rgds
>
> Denis McMahon
Other than the fact the HTTP_REFER is not reliable either, it's ok.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]