Well, first you need to understand that there is no way for the server to know what happened to the client. There is no event generated when the browser is closed or terminated or anything. Your server side code simply has no idea if the client is still there or not.
For your need, it can be done is a pretty simple way, actually. There may be better ways, but this is what I can come up with, right now.
* You keep a flag to indicate whether the user has logged out or not. * When a user logs in, first you check the flag. If it is set, you'll know that the user didn't log out last time. * If it isn't, then he's done everything alright. * After checking, you set the flag to indicate that the user is logged in. * When the user logs out, you reset the flag.
So, even more briefly: * Check the flag on login * Set the flag on login * Reset the flag on logout
Where you store this is up to you, but I guess ordinarily you'd want to put it with the users data in a DB.
Anyone has any other suggestions?
EDIT: Just noticed you want to block login for sometime. You can change this logic a bit to include a timestamp for last login along with the flag. Along with the flag, compare the timestamp for however long you're supposed to lock out the user. If the flag is not set, then he obviously logged out so the timestamp need not be checked. [ September 29, 2007: Message edited by: Tarun Yadav ]
i observed one nice thing ... i tried to login again after somewhere around 2 min in that case my net banking application gives me message like your last logging is not properly terminated and make me unable to access system.
I don't see that as a nice thing. To me that's an inconvenience. If I'm working on something and my browser crashes before I'm done, I would want to be able to fire up a new browser instance and do what I set out to do. That the browser crashed, will mean that I'm already somewhat irritated because of what's going on with my local system. Seeing a message like that, at that point, would put in a really bad mood and insure that I'm not happy with that bank for the day. What's nice about that?
I'm guessing this is a side effect of a 'feature' designed to keep more than one person from logging in with the same user name and password at the same time. When you tried to log in the second time, the application probably checked to see if there was already an active session with your user name and refused access until it expired.
1] user logged in my login controller or service object will use following business logic when user is authenticates i]when username password provided by user matche with any record in my user table i will keep that record in HttpSession in some value object ii]i am updating flag for user record that he/she logged in and updating his last logged in time
now consider following 2 scenarios 2.1]user is using my application and then he clicks logged out i] in my logout service or controller i will update flag for user record that he has logged out ii]i will terminates user's HttpSession object here we get success as we expect
2.2]user started application and browser is idle for long time i]session get terminated imp note i observed one thing although my session is terminated HttpSession object is not null
is there is any way that when server terminates user's session how to update this user is logged out
i.e. is there is any way that when server wants to terminate user session my code will intercept and updates is logged out flag in database
[ October 01, 2007: Message edited by: ganesh pol ]
Before we can comment, you'd have to tell us what you're trying to achieve. Are you looking to keep people out of the system until their past sessions have expired? If so, why? What would this accomplish; other than annoying your users?