How to identify that the user is not logged off without having clicked the logout button?

Question

How to identify that the user is not logged off without clicking the logout button using jQuery or javascript.

Here I need the logout button to appear when the user is not logged off when pressing the back button in the browser to go back to the previous page .

Here is my logout button:

<a id="webviewbtn" href="#"><img src="img/logout.png" style="float:right;" /></a>

If a user doesn't click on logout button, then surely the user is not logged out right? Or you mean something else entirely? o_O — Andreas Wong, Apr 05 '12 at 08:58
i need that its my previoues page the logout function will appear — Raj, Apr 05 '12 at 09:00
You mean tracking user's state? You'll need to use a server side language help — Andreas Wong, Apr 05 '12 at 09:01
Here i need the logout button if i back to my previous page will appear when the user is not logged off — Raj, Apr 05 '12 at 09:01

score 1 · Answer 1 · answered Apr 07 '12 at 18:24

I would prefer a method, which does not need a async call to the server, to save resources.

Once you are logged in your system will set a cookie with the session id. you may also set a cookie with through your backend, which can be used to determine wether a customer is logged in or not.

//using php here
setcookie('customer',1); //customer is logged in

setcookie('customer',0); //customer is not logged in

on your frontend you may use jquery/javascript to check for that status. I am assuming here you have the jquery cookie plugin included https://github.com/carhartl/jquery-cookie

if ( $.cookie('customer') === 1 ){
    $('#webviewbtn').show(); //show logout button
}
else{
    $('#webviewbtn').hide(); //no logout button needed
}

in that szenario it is really important, that the 'customer' cookie has the same domain AND the same duration as the session cookie. Otherwise returning customers may have the customer cookie still set to 1 but the session cookie is already out of date. Also all actions called from the customer need to be verified in the backend, to verify that the state customer === 1 is still valid there. Otherwise you have a big security issue, since everybody can set that cookie to 1 :)

score 0 · Answer 2 · answered Apr 05 '12 at 09:14

When performing any form of action on your webpage, have a method call async or synchronously a webservice that validates the user.

If the server returns an okay message then user would still be logged in. This action can be performed when rendering the logout button or when the user performs any other "important" action.

You can also store information in a cookie with an expiration time. This can then be managed that if you press the backbutton in the browser the cookie is cleared and the user is logged out or what have you.

There are a lot of possibilities of this implementation and unfortunately I don't have a "best practice" case here to offer you.

Unfortunately not. I'm providing you with solutions on a conceptual basis not with code. You have to write an implementation that suits your needs not modify my code so it fits. — Henrik Andersson, Apr 05 '12 at 09:33

How to identify that the user is not logged off without having clicked the logout button?

2 Answers2