- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Mon, 27 Apr 2009 13:39:23 -0500
On Mon, Apr 27, 2009 at 1:24 PM, Ian Hickson <ian at hixie.ch> wrote: > One option would be to have an attribute, say <body logout="">, which > causes the user agent to ping the site when the window is closed and there > are no other windows open to the same origin. > > Of course this would break if the other window in question was open to a > different page that didn't have the logout="" attribute.. > > Maybe it should be invoked if there are no other pages open that have the > same logout="" attribute? > > This has the advantage of not depending on JavaScript, and not affecting > the browser's performance (no waiting for sync XHR, etc). > > It would work somewhat like PING does today, though probably using POST. As an author, I'd definitely use it. I'd want the second option (ping when you close the last window with a given logout attribute), as that would allow me to define 'domains' within the same origin that track logins separately. It would be easy to code against the lack of this (just do an occasional cleanup of sessions that have aged too much, which you'd have to do anyway in case of nonstandard browser exits), but would allow better, more reliable security for users with browsers that implement it. Trying to handle this through javascript onunload is nontrivial currently, but @logout would make it both trivial and dependable. ~TJ
Received on Monday, 27 April 2009 11:39:23 UTC