homepage Welcome to WebmasterWorld Guest from 107.22.78.233
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    
Browser Cross button
gggxxxggg




msg:614463
 12:20 pm on Oct 3, 2001 (gmt 0)

Comments
Hi ,
We have a system which is browser based.
Since the system needs a fair bit amount of security.. we need to disable the cross button on the browser..and let the user log out through the screen itself...
Can we disable the cross button on the browser..
secondly if this is not possible we need to invalidate the session if he clicks on the cross button...

we need to use some properties of the HTML page to achieve this....
either the form properties or the body properties..
if someone can throw some light on this
would be highly appreciated..
also please note we r not using frames...

 

Brett_Tabke




msg:614464
 12:56 pm on Oct 3, 2001 (gmt 0)

If I understand correctly, you wish to block the user from backing up a page, and not allow them to cache the page. Is that correct?

If so, your best bet would be to start with NO CACHE meta tags or http headers. If you don't have control over the headers the server is sending out, then metatags would be the second best bet. Also, you might consider a secure server as most browser won't cache pages on secure servers.

joshie76




msg:614465
 1:06 pm on Oct 3, 2001 (gmt 0)

Does the X button refer to the 'close window' button? If so, I'm pretty sure there is no way of disabling this.

An alternative is to create a popup using the onUnLoad event. Whilst this is considered naughty on the net it's normally a-ok in trusted applications, especially when it's used to call a page that will mop-up the session (log the user out).

If you're working with IE5+ you can also take advantage of the onBeforeUnLoad event to warn users that they will be logged out and given the option to cancel their action.

Problems with onUnLoad:
You would errr.. need to be using frames to do this! or every time a new page is loaded the onUnLoad event would fire for the previous page.

If you have some server scripting power you can normally listen for some kind of event that signifies the end of a session which can call a mop-up script on the server.

ggrot




msg:614466
 5:23 pm on Oct 3, 2001 (gmt 0)

Those are good ideas. Most systems, as another idea, simply have a timeout value for logging out. If the user has not interacted with the system in say the past 10 minutes, they will be required to log in again.

joshie76




msg:614467
 8:10 am on Oct 4, 2001 (gmt 0)

Yup, it's exactly this 'Timeout' that reflects the end of a session event mentioned above. To give a more detailed example in ASP & VBScript you would simply add a sub like...

Sub Session_OnEnd
**Put your logout code here **
End Sub

...to the Global.asa file. You can configure the timeout period in IIS under properties of the specific application (Properties > Directory Tab > Configuration Button > App Options Tab) - it usually defaults to 20 minutes (of inactivity will end the session).

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved