W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2009

[whatwg] When closing the browser

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 27 Apr 2009 13:39:23 -0500
Message-ID: <dd0fbad0904271139h3b5e939ew28ed019724e7e826@mail.gmail.com>
On Mon, Apr 27, 2009 at 1:24 PM, Ian Hickson <ian at hixie.ch> wrote:
> One option would be to have an attribute, say <body logout="">, which
> causes the user agent to ping the site when the window is closed and there
> are no other windows open to the same origin.
> Of course this would break if the other window in question was open to a
> different page that didn't have the logout="" attribute..
> Maybe it should be invoked if there are no other pages open that have the
> same logout="" attribute?
> This has the advantage of not depending on JavaScript, and not affecting
> the browser's performance (no waiting for sync XHR, etc).
> It would work somewhat like PING does today, though probably using POST.

As an author, I'd definitely use it.  I'd want the second option (ping
when you close the last window with a given logout attribute), as that
would allow me to define 'domains' within the same origin that track
logins separately.

It would be easy to code against the lack of this (just do an
occasional cleanup of sessions that have aged too much, which you'd
have to do anyway in case of nonstandard browser exits), but would
allow better, more reliable security for users with browsers that
implement it.

Trying to handle this through javascript onunload is nontrivial
currently, but @logout would make it both trivial and dependable.

Received on Monday, 27 April 2009 11:39:23 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:11 UTC