0

I have a javascript/node application that uses cookies to authenticate users to the site. I need to be able to logout users even if their browser window is still open.

I can make their cookies invalid on the server... but that does not log them out until they click on some link in the site, or close their browser window. I need to be able to instantly kick them off the site even while their browser window is still open. Any ideas?

Kenny Johnson
  • 452
  • 5
  • 15

4 Answers4

1

You can try setting up websocket connections. Websockets are basically duplex channels that don't require long polling. Essentially they only communicate when something needs to be done, on either end. For your situation the client side of the websocket connections would listen for specific messages from the server and the application would then react to those changes; in your case it could force a log out.

GenericUser
  • 3,003
  • 1
  • 11
  • 17
0

If you make their cookies invalid on the server, then simply force a refresh with window.location.reload(). Here's the SO question concerning that.

Here's an example I am currently using on one of my projects:

if(getCookie("id") == ""){
    window.location.href = "login";
}

Put that right after the body tag for each of your pages. Then when you expire the cookie...

expireCookie("id");
window.location.reload();

Since you've essentially deleted the cookie, the first script will now redirect the user to the login page.

  • Yep that's the question. How to force the refresh at a certain time of day. Or on demand. – Kenny Johnson Aug 02 '19 at 01:56
  • I was thinking I might be able to use a Cron job to execute a .js script at the right time of day... to force the refresh... but not sure how to make the script run on the web page at the right time.... – Kenny Johnson Aug 02 '19 at 02:07
  • @KennyJohnson I would look at https://stackoverflow.com/questions/4455282/call-a-javascript-function-at-a-specific-time-of-day but instead of an alert, have the reload. As for on-demand, simply make a function that expires a cookie and forces a reload, and whenever you need to call that situation, trigger that function. –  Aug 02 '19 at 14:42
  • Thank you. I actually saw that one but was not sure it was a good solution because it relies on the system time of the users computer. Right? If the user has their system time wrong then the function will not fire at the time I want it to... Or am I missing something? Thanks for your time! – Kenny Johnson Aug 02 '19 at 15:19
  • You're right Kenny. I found a little help in https://stackoverflow.com/questions/53005544/when-the-time-of-system-is-wrong-how-can-i-get-correct-time-in-javascript, but there's no great solution. For the sake of finding a better solution, why do you need to logout users at a specific time? –  Aug 02 '19 at 15:55
  • We are logging them out of a streaming video system when the business those cameras are in closes. Even if we invalidate the cookie on the server... if they are logged in and still have the video playing.... they stay logged in until they click on something. I think I have a different way do resolve it though... Our actual video player will time out after x minutes... then at that they will have to click... at which point they will be loggred out. I would just like to be able to kick everyone off the site at will though. :) – Kenny Johnson Aug 02 '19 at 20:38
  • The best thing to do is simply invalidate cookie and force a refresh at the same time. Users don't have to click and are automatically logged out. I'll provide an example in my answer. –  Aug 02 '19 at 20:43
  • Thanks! A couple questions. Did you post the example? I can't find it. Also, how would you execute this at the specific time? (our closing time) Thanks again! – Kenny Johnson Aug 03 '19 at 01:31
0

I cant understand if you want to redirect them after a while or redirect them after they logout.

If the case is such that you want to end the session after a while, you could set te maxAge of the cookie in order to last the maximum time you want your users to be able to interact with your site. Here is an article about maxAge and expires: HTTP Cookies: What's the difference between Max-age and Expires?

Also, you could set a function that set a time out and next, if you have something like Express-sessions and passaport, you could use the logout(). But I dont recomend this. I think that is better to set the maxAge of the cookies and let the vainilla do their best.

In every case, you could use some helper in your routes that check if there is an active session. This way you could redirect them if the cookie has caducate.

Sorry aboutmy english :)

Lautaro Jayat
  • 394
  • 3
  • 7
0

You need 3 things: mouse movements and keyboard actions, a timer, log out redirect.

  • check for mouse movements and keyboard actions;
  • if there's no activity, you start a timer;
  • when the time is over you redirect the user to logout url;
Paul Istrate
  • 51
  • 5