Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • June Hoffa 2 posts 22 karma points
    Jan 02, 2018 @ 15:38
    June Hoffa
    0

    Member logout - force member logout if they close the browser

    I have a member section. Once a user logs in they have access to protected content. If the user closes the browser before clicking on the logout button, can I force a user to be logged out? I do have a timeout for the overall website set in the web.config but would like a member account to be immediately logged out if they close the browser.

    Copy Link
  • Steve Morgan 1348 posts 4457 karma points c-trib
    Jan 02, 2018 @ 17:29
    Steve Morgan
    0

    Hi,

    This is a tricky requirement. I can think of a few ways of doing this but they come with pros and cons - I'd be interested to hear with what you end up doing.

    1. Try to detect the browser close event, and call an api to log out. https://stackoverflow.com/questions/3888902/detect-browser-or-tab-closing - PROS: probably the easiest to implement CONS: depends on browser support - no idea if it will work with mobile browsers etc - I think this will be unreliable.
    2. Reduce your member session timeout and somehow extend this on each page load (e.g. if a new page isn't hit in 5 minutes then assume the session is invalid. PROS: Multiple tabs will work. CONS: This won't be on close but will might be "close enough"?
    3. On login store some kind of unique guid to the local storage in the browser and against the user session. If these don’t agree bounce the user to the login page and kill their session on the next hit. PROS: Will work for what you need CONS: Duplicate tabs will probably cause issues here – this will need testing. It will only work on HTML5 browsers.

    I think you probably want to have a go with option 3.

    HTH

    Steve

    Copy Link
  • June Hoffa 2 posts 22 karma points
    Jan 04, 2018 @ 16:44
    June Hoffa
    0

    We ended up creating a surfacecontroller that handled it. Then just used the standard login form that used this surfacecontroller.

    public class NonPersistLoginController : SurfaceController
{
    [HttpPost]
    public ActionResult HandleLogin([Bind(Prefix = "loginModel")] LoginModel model)
    {
        if (!this.ModelState.IsValid)
            return (ActionResult)this.CurrentUmbracoPage();
        if (!this.Members.Login(model.Username, model.Password))
        {
            this.ModelState.AddModelError("loginModel", "Invalid username or password");
            return (ActionResult)this.CurrentUmbracoPage();
        }

        FormsAuthentication.SetAuthCookie(model.Username, false);

        this.TempData["LoginSuccess"] = (object)true;
        if (model.RedirectUrl.IsNullOrWhiteSpace())
            return (ActionResult)this.RedirectToCurrentUmbracoPage();
        if (this.Url.IsLocalUrl(model.RedirectUrl))
            return (ActionResult)this.Redirect(model.RedirectUrl);
        return (ActionResult)this.Redirect(this.CurrentPage.Site().Url);
    }
}

    Thanks,

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft