Use invalidate() to invalidate sesison. If you would like them to time out use the setMaxInactiveInterval() or setMaxAge() functions to invalidate them. Use can declaratively define the time out using the session-timeout element.
Sessions are object created at the server end and they do not travel to the client side.Only the sessionID gets transfered to the client for tracking the reponses from one flow of interaction.In case you close the browser , the session object will still be there till the session timeout interval.
you can do two things for this --
1- Clear the cookies .
2- if you want your application make in such a way as it does not allow to sign in again automatically. while processing the jsp take the JSESSION_ID cookie and setMaxAge(-10).
In this case cookie will automatically deleted as soon as the browser is closed .
You will get the desired result
Originally posted by salil verma:
The session id is sent throught cookie. This may be the case that the cookie might be existing even after the closing the web browser.
Session cookies are not saved at the client end.The only solution to this is onclose of the browser send a AJAX request to a servlet in the server (As suggested by Prabhu V) , which would invalidate the session , but this is also not a good solution as client side scripting sometimes behaves differently. ;-)
I think you can do it without Ajax technique. Do the following...
1. First create a simple JSP where you will check the current session. If session is there, invalidate it and if not do nothing. but the page should be closed on body load like <body on load="window. close()">. The session checking code should be before this body tag. The result JSP some thing like this
Then see the magic.
[ November 29, 2006: Message edited by: Prasad Babu Dandu ]
Originally posted by Stan James:
Hmmm, I'm a bit confused or maybe not. I thought if I closed the browser entirely - all windows in the same process - the browser lost the session ID and a new browser process could not resume using the same session. Is that wrong?
That's my understanding too.