Nice.
If these folks would be so advanced as to tamper with the keys -
then I would not warn them with any specifics as to WHY you're
dropping them.
Al
On 6/25/2014 2:10 PM, Ernest McCloskey wrote:
I should have noted I use it to
detect refresh, and use session variables to look for tampering.
I gave some thought to the problem you list below. My
issue is, I run an interactive session based system. And given
that connection problems or even a person's impatience in
thinking things should be occurring, they hit refresh. I had
originally set it to kick them when they did reload, but it
wasn't until I ran into a slow connection on a test one time
that I realized that that wasn't going to work with what I was
doing, since I hit refresh to get some of the images to load and
it dumped me out of the session.
That's where the confirmation script comes into play. It asks
them if they want to refresh the page or exit. That way if they
were impatient it would leave them in the system and re-request
(without session reset) the information. Of course it won't
work on a non-JavaScript-enabled browser, but then again the
site needs JavaScript to work (no way around not having it).
And if they tried to force a session reset the keys I set in
session won't match and it drops them for tampering with a
warning. :)
On 6/25/2014 4:53 PM, Marcus F wrote:
Yep, that's exactly what I suggested. Set a
session variable and act accordingly.
Since we don't know exactly what you're doing, we can't give
much more detailed advice.
On Wednesday, June 25, 2014 3:39:17 PM UTC-5, Al Holden wrote:
Client-based
solutions - like JavaScript - will only work if security
is not important. Folks who wish to bypass client
scripting and make another http request will be able to do
so by manipulating a client device; thus extending a CFML
session.
CFML Sessions are designed to be extended whenever another
request is made (no http request - new page, reload page,
httpAsync request, whatever). They are designed to expire
only after a period of inactivity - as in no request at
all.
You'll need a separate (session) variable (in a session
which lasts longer than your special test) or cookie,
which stores a datetime from their last request, so only
you can update it, and you can do your own security magic
with it. If THAT time has passed, or the parameter is
missing entirely, then force your logout.
Al Holden
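
A server-side version of the last-request timestamp check described in Al Holden's message, written as an Application.cfc. This is an added example, not code posted by anyone in the thread; `session.userId`, `session.lastRequestAt`, `/login.cfm` and the 15-minute limit are assumed names and values.

```cfml
<!--- Application.cfc: added example; key names, URL and limits are assumptions --->
<cfcomponent output="false">
    <cfset this.name = "idleTimeoutDemo">
    <cfset this.sessionManagement = true>
    <!--- Engine session timeout is deliberately longer than the app's own idle limit --->
    <cfset this.sessionTimeout = createTimeSpan(0, 2, 0, 0)>
    <!--- Assumed application idle limit, in seconds (15 minutes) --->
    <cfset variables.idleLimitSeconds = 900>

    <cffunction name="isIdleExpired" returntype="boolean" output="false">
        <cfargument name="sessionScope" type="struct" required="true">
        <cfargument name="currentTime" type="date" required="true">
        <!--- A missing or malformed timestamp is treated the same as expiry --->
        <cfif NOT structKeyExists(arguments.sessionScope, "lastRequestAt")
              OR NOT isDate(arguments.sessionScope.lastRequestAt)>
            <cfreturn true>
        </cfif>
        <cfreturn dateDiff("s", arguments.sessionScope.lastRequestAt, arguments.currentTime)
                  GT variables.idleLimitSeconds>
    </cffunction>

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfset var rightNow = now()>
        <!--- The assumed login page sets session.userId and session.lastRequestAt together --->
        <cfif structKeyExists(session, "userId")>
            <cfif isIdleExpired(session, rightNow)>
                <!--- Remove only the application's own keys, then send the user to log in again --->
                <cfset structDelete(session, "userId")>
                <cfset structDelete(session, "lastRequestAt")>
                <cflocation url="/login.cfm" addtoken="false">
            </cfif>
            <!--- The timestamp is written only here, after the check has passed --->
            <cfset session.lastRequestAt = rightNow>
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

Because the comparison runs before the timestamp is refreshed, a reload that arrives after the idle limit is logged out instead of extending the session, with or without JavaScript in the browser.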
On 6/25/2014 1:29 PM, Marcus F wrote:
MiniFireDragon's solution should work,
assuming JavaScript is turned on, and that the users
aren't deliberately trying to extend the sessions.
On Wednesday, June 25, 2014 3:02:36 PM UTC-5, MiniFireDragon wrote:
it's JavaScript, and

    window.onbeforeunload = confirmExit;
    function confirmExit()
    {
        // Prompt only while the #fader overlay is visible
        if ($j('#fader').css('display') != 'none') return 'Do you really want to exit?';
    }

I used jQuery for this of course. What I did is
I set a flag. A semi-transparent black
background that opens when I am in a place where
I don't want to exit.
On 6/25/2014 1:28 PM, Skellington wrote:
Hello,
Is there a tag or function to detect a
page reload? I found that if someone reloads
my main index.cfm their session which is
supposed to be expired is extending the
session. If someone hits reload I would like
to log them out.
Thanks,
Charlie
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
---
You received this message because you are
subscribed to the Google Groups "Open
BlueDragon" group.
To unsubscribe from this group and stop
receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.