I’m building a web app for a company, it’s my 4th year college project. They have an existing application that allows users to log in to a room with their username and the room number. There is no need to persist any user data after their session has ended. So what they have at present is, and this is ll the detail I have at the moment, a database table of current sessions. When a user tries to log in, the db is checked to see if there is a live session with that username, if so they are asked to enter a different user name, if there is no current session with that username they can log in no problem. Now I may be a little off on some of that, but I believe that is roughly what they currently have.
I’m building an app to mirror that, with some added functionality. Is there any way for me to log a user out after they’ve closed their browser. I realize that a server has no way of knowing when the browser is closed. I found a post on here describing how to log users out after their session has timed out. Am I right in saying that if you set the session timeout to be 5 mins, they will be logged out ONLY if there is 5 mins of inactivity? On my app I have some ajax running in the background doing checks every 5 seconds, this is on the main page where users will spend most of their time. There are some other pages with no ajax but it’s unlikely users will spend much time on these ones. So in my case it’s unlikely there will be 5 mins of inactivity cause of all the ajax stuff. What I have in place is, when a user logs out they are deleted from the db. If they don’t log out though, and just close the browser I’m kinda screwed. That means the next time someone tries to log in with that username they will be told to use another name, as that one still exists in the db. I have an alternative I can use, before I implement that I just wanted to know if there is any to achieve this, that is, to delete a user from the db after their session has ended?