Sunday, January 21, 2007

Detecting Javascript .focus() in iframes to Detect Logged In Status (IE only)

I've been playing around with a lot of ways to detect if users are logged in, but I haven't published many of them so here's yet another way to detect if users are logged in.

One thing many sites (google sites in this example) do is use the Object.focus() method to set the focus to a login form.

And in IE; if the object getting focused on is in an iframe, the iframe also gets focused on, which is an event which we can easily detect, so if we have an iframe to which there is no way a user can themselves set the focus to, and it gains focus, this should tell us that the content of the iframe set the focus to something, and the user is therefore not logged in, if after a few seconds of it being loaded but not gaining focus we can very safely assume it didn't try to, and the user is therefore logged in.

Here's a quick PoC for Orkut:

<html>
<body>
<script>
var logged = true;
function check () {
    if (logged == true) {
        alert('You ARE logged into orkut');
    }
}
</script>
<iframe src="https://www.orkut.com/News.aspx" onFocus="if (logged == true) { alert('You are NOT logged into Orkut.'); logged = false;}" onLoad="window.setTimeout ('check()', 1000);" width=0 height=0></iframe>
</body>
</html>

2 comments:

Frederic said...

Doesn't work in Firefox

kuza55 said...

Ummm,yeah, that's why the title says "IE Only", and why I start the third paragraph with "And in IE".