Hi all,
I would like to automatically log a user out if they clear their browser cache, in much the same way that Facebook does. Currently if a logged in user clears their cache, they are prompted to re-login only after they try to perform an action on the site. I would like it to happen automatically.
Is this possible without long-polling or a websocket etc. connection?
Thanks.
Don’t think so because there has to be a way to notify the client that their session has expired/been cleared
Not sure what you want exactly - at least: I am not sure what cache deletion implies exactly for you - if a user can still get pages then I assume the cache is not cleared. If it means that the user is still seeing pages already loaded, and clearing cache implies that the cookies are deleted, something can be done.
Check out my wiki page on monitoring session validity:
http://www.yiiframework.com/wiki/506/checking-for-expired-sessions-logins-on-the-client-side/
Its primary purpose was to check that the session did not expire which is detected through the absence or incoherence of the CSRF token with the expected token.
The cookie validity duration helps to make cookies disappear beyond the authentication validity period.
Further it will also detect logout, and changes in users - but some of the work for that is done in the login/logout procedures that may have been mentionned only partly in the wiki: you have to make sure that the browser cookie/CSRF token is "invalidated".
Finally, if the monitored cookies disappear locally, this is detected and you can set whatever action you like.