[whatwg] When closing the browser

On Fri, 12 Dec 2008, Bil Corry wrote:
> 
> Speaking of 'onbeforeunload' and 'beforeunload' -- it'd be helpful if 
> there was a way to distinguish between the user taking an action which 
> leaves the site vs. taking an action that returns to the site.
>
> For privacy, it shouldn't reveal which specific action triggered the 
> event, but knowing if the user is leaving the site means webapps can 
> finally auto-logout the user, which in turn greatly improves security.

If the goal is auto-logout, then what you describe wouldn't help, as it 
would have false-positives (leaving the site when another tab still has 
the site open) and false-negatives (a crash wouldn't log out the user).

Why do session cookies not address this already?

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 12 December 2008 12:34:44 UTC