Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session expunged

 
cyril vidal
Ranch Hand
Posts: 247
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I just would like to be sure. A session may not be expunged by closing the window,right?
The only two possibilities:
-The client does not send a request to the web application for a length of time that exceeds the session timeout value of the associated session object in the application.
- Accessing a resource which causes the associated session to be explicity invalidated by making a call to the invalidate() method of the session.
Please correct me if I'm wrong,
Regards,
Cyril.
 
Andy Smith
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes Cyril u r absolutely right...
Sessions are not expunged on the Close of browser window..
only by calling invalidate explicitly or time out...
 
Yorck Zhou
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sessions will be expunged when we close all the window related with the sessions. A session ends when the client left the "conversation".
 
Jayadev Pulaparty
Ranch Hand
Posts: 662
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I too think that session will be closed when the client closes all the browser windows pertaining to that session. Otherwise, once i login to a website with a browser and kill that window, if i connect to the same website again, i should be with a login status already or atleast be shown with my previous session state. I don't think that is the case.
 
Ali Ragi
Ranch Hand
Posts: 60
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do agree with Andy Smith, and disagree with Yorck Zhou
Quote: "Sessions are not expunged on the Close of browser window..
only by calling invalidate explicitly or time out..."
Further explanation: Because web server has no idea about the activity of the client browser until it receives a request from the client with its session info. If the web server didn't receive any further request from the client because the client close all the windows, it would keep the session until it expires - time out, and then the session is closed. Simple it's that
 
Jayadev Pulaparty
Ranch Hand
Posts: 662
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I see. So storing a session doesn't need to imply that the login, etc. info is stored. So when the user closes the browser, then i may assume that the "user" attribute of the session object gets wiped out, but the session object itself remains on the webserver till timeout. Please correct me for any misconceptions.
Thanks.
 
Mehdi Chaouachi
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nothing gets "wiped out" of the session object, the session object remains intact and still exists in the server.
You can look at it like this, if the user closes the browser windows he cannot any more contact the server with that same login (baically the cookie gets deleted) but the server has no means to know that the user closed his browser, so it still keeps the session for the user in case he connects again from the same browser window (which is not the case here, becaused he closed his browser). After the timeout period (depending on the server provider, let's say 30 min) the server assumes that since the user havent connected since 30 min the user have closed the browser, so it destroys the session object.
hope this was clear.
[ January 13, 2004: Message edited by: Mehdi Chaouachi ]
 
Edwin Keeton
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One more way to look at it: the server has no idea about anything you do except when you send a request. The server doesn't even know who you are when you send a request unless you send a cookie or rewrite the URL with a session id. There is no connection between you, the client, and the server after the response is sent.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic