W3C home > Mailing lists > Public > whatwg@whatwg.org > December 2008

[whatwg] When closing the browser

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 12 Dec 2008 20:34:44 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0812122031040.30197@hixie.dreamhostps.com>
On Fri, 12 Dec 2008, Bil Corry wrote:
> 
> Speaking of 'onbeforeunload' and 'beforeunload' -- it'd be helpful if 
> there was a way to distinguish between the user taking an action which 
> leaves the site vs. taking an action that returns to the site.
>
> For privacy, it shouldn't reveal which specific action triggered the 
> event, but knowing if the user is leaving the site means webapps can 
> finally auto-logout the user, which in turn greatly improves security.

If the goal is auto-logout, then what you describe wouldn't help, as it 
would have false-positives (leaving the site when another tab still has 
the site open) and false-negatives (a crash wouldn't log out the user).

Why do session cookies not address this already?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 12 December 2008 12:34:44 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:46 UTC