What if they just close their laptop lid, or the browser crashes? You can't reliably detect when a user leaves with this method, so you _cant_ use it for anything critical
sure you can, if you combine it with a timeout and/or a way for users to break a lock (and then of course, blocking the original user's session if he comes back anyway)
at least you don't have to wait for the timeout to expire if the user properly closed the application/website, which happens most of the time
