You cant. Session dont get invalidated when you close a window. Try logging in to yahoo and then disconnect from the internet. Connect to the internet again and you will still be able to access your inbox because the session on yahoo's servers are still active.
Use invalidate() to invalidate sesison. If you would like them to time out use the setMaxInactiveInterval() or setMaxAge() functions to invalidate them. Use can declaratively define the time out using the session-timeout element.
I guess it has been answered many times in this forum. Sessions are object created at the server end and they do not travel to the client side.Only the sessionID gets transfered to the client for tracking the reponses from one flow of interaction.In case you close the browser , the session object will still be there till the session timeout interval.
Hmmm, I'm a bit confused or maybe not. I thought if I closed the browser entirely - all windows in the same process - the browser lost the session ID and a new browser process could not resume using the same session. Is that wrong?
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
The session id is sent throught cookie. This may be the case that the cookie might be existing even after the closing the web browser. you can do two things for this -- 1- Clear the cookies . 2- if you want your application make in such a way as it does not allow to sign in again automatically. while processing the jsp take the JSESSION_ID cookie and setMaxAge(-10). In this case cookie will automatically deleted as soon as the browser is closed .
You will get the desired result
posted 12 years ago
Originally posted by salil verma: The session id is sent throught cookie. This may be the case that the cookie might be existing even after the closing the web browser.
Session cookies are not saved at the client end.The only solution to this is onclose of the browser send a AJAX request to a servlet in the server (As suggested by Prabhu V) , which would invalidate the session , but this is also not a good solution as client side scripting sometimes behaves differently. ;-)
I think you can do it without Ajax technique. Do the following...
1. First create a simple JSP where you will check the current session. If session is there, invalidate it and if not do nothing. but the page should be closed on body load like <body on load="window. close()">. The session checking code should be before this body tag. The result JSP some thing like this
Then see the magic.
Good luck. Prasad [ November 29, 2006: Message edited by: Prasad Babu Dandu ]
Originally posted by Stan James: Hmmm, I'm a bit confused or maybe not. I thought if I closed the browser entirely - all windows in the same process - the browser lost the session ID and a new browser process could not resume using the same session. Is that wrong?