Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session invalidation of an active user

 
saxena Amit
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In multiuser environment suppose a user close the browser
then his/her session is still active till session timeout.
Before session timeout if s/he wants to
login again,i want to invalidate his/her earlier session
hows that possible ?
 
sawan parihar
Ranch Hand
Posts: 250
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In multiuser environment suppose a user close the browser
then his/her session is still active till session timeout.
Before session timeout if s/he wants to
login again,i want to invalidate his/her earlier session
hows that possible ?


How are you handing the session by URL rewriting or by cookies.
 
Anand Wadhwani
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Amit,

You must have a method where you are validating user login, e.g. method is boolean validateUser(request,response)

In this method you can have following code to invalidate the existing session and create new one:


Hope this helps.
 
AmitKumar Jain
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
***********
In multiuser environment suppose a user close the browser
then his/her session is still active till session timeout.
***********
As far as my knowledge is concerned, session ends once the browser is closed.. (it does not matter if cookies or URL re-writing is used)...
unless the user has opened a new browser from the earlier page.

I don't understand how the session would remain active even when browser window is closed?
 
Anand Wadhwani
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Amit J,

There is no way for container to know if a perticular client has closed his browser, therefore his session object would still remain valid until session timeout occurs for that session object.

Amit S,

I am sorry abouot mentioning cookie for of auth-token, of course custom-cookie based session would automatically invalidated once browser is closed. Again depends on type of cookie, if cookie is persistent cookie then reopening the browser will send the persistent cookie (if alive) again and server will identify the session!
 
sawan parihar
Ranch Hand
Posts: 250
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As far as my knowledge is concerned, session ends once the browser is closed.. (it does not matter if cookies or URL re-writing is used)...
unless the user has opened a new browser from the earlier page.


This is wrong. Session ends when you explicitly invalidate it or it times out. Closing the browser won't end the session.

Hey saxena Amit : I would like to know that why you want to do something like this. I mean I am just curious is it some requirement or something else.

[ June 26, 2005: Message edited by: sawan parihar ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic