• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Browser close session destroy

 
Ranch Hand
Posts: 85
Eclipse IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have been working login handle by jsf,Spring and hibernate. I have created a login. but when i close the web browser user session still exist in web server. so that user can't log again until 30 min.
I have added following code part in web.xml



So what i want to do is that when user close browser or restart computer invalidate (User log session)the session in server side and allow that user to logging again. Please give me idea how to do my requirement?
thanks in advance
 
Saloon Keeper
Posts: 27764
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is no way using server-side code to force the client to make one last server request when a browser is closed. And, in any event, there are too many ways for such a process to fail, starting with a simple browser crash and moving on up from there. For one thing, it takes more than closing a window to shutdown a browser.

Unless something really strange is going on, your sessionid cookie should have been destroyed when the final browser window closed, however. That would mean that even though the session object still existed and still held resources, the user wouldn't be requesting that session when restarting the browser and a whole new session would have to be built. When using the J2EE standard container-managed security system that would be sufficient to force the user to log in again.

So, presumably you're using a Do-It-Yourself login system. As I've said many times before, DIY systems are buggy, expensive, and insecure and should be avoided.

And, if by chance, you're manually meddling with the jsessionid appendage to the URL, I think that would explain why you're not discarding the old session when you should be.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic