Welcome to WebmasterWorld Guest from

Forum Moderators: incrediBILL

Message Too Old, No Replies

Browser Cross button



12:20 pm on Oct 3, 2001 (gmt 0)

Inactive Member
Account Expired


Hi ,
We have a system which is browser based.
Since the system needs a fair bit amount of security.. we need to disable the cross button on the browser..and let the user log out through the screen itself...
Can we disable the cross button on the browser..
secondly if this is not possible we need to invalidate the session if he clicks on the cross button...

we need to use some properties of the HTML page to achieve this....
either the form properties or the body properties..
if someone can throw some light on this
would be highly appreciated..
also please note we r not using frames...
12:56 pm on Oct 3, 2001 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
votes: 16

If I understand correctly, you wish to block the user from backing up a page, and not allow them to cache the page. Is that correct?

If so, your best bet would be to start with NO CACHE meta tags or http headers. If you don't have control over the headers the server is sending out, then metatags would be the second best bet. Also, you might consider a secure server as most browser won't cache pages on secure servers.

1:06 pm on Oct 3, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 10, 2001
votes: 0

Does the X button refer to the 'close window' button? If so, I'm pretty sure there is no way of disabling this.

An alternative is to create a popup using the onUnLoad event. Whilst this is considered naughty on the net it's normally a-ok in trusted applications, especially when it's used to call a page that will mop-up the session (log the user out).

If you're working with IE5+ you can also take advantage of the onBeforeUnLoad event to warn users that they will be logged out and given the option to cancel their action.

Problems with onUnLoad:
You would errr.. need to be using frames to do this! or every time a new page is loaded the onUnLoad event would fire for the previous page.

If you have some server scripting power you can normally listen for some kind of event that signifies the end of a session which can call a mop-up script on the server.

5:23 pm on Oct 3, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 4, 2001
votes: 0

Those are good ideas. Most systems, as another idea, simply have a timeout value for logging out. If the user has not interacted with the system in say the past 10 minutes, they will be required to log in again.
8:10 am on Oct 4, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 10, 2001
votes: 0

Yup, it's exactly this 'Timeout' that reflects the end of a session event mentioned above. To give a more detailed example in ASP & VBScript you would simply add a sub like...

Sub Session_OnEnd
**Put your logout code here **
End Sub

...to the Global.asa file. You can configure the timeout period in IIS under properties of the specific application (Properties > Directory Tab > Configuration Button > App Options Tab) - it usually defaults to 20 minutes (of inactivity will end the session).