Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Spring mvc-Destroy Session after closing the browser?

 
selva raja
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear All,

In spring MVC application after a user has logged in , a session is started.The session is destroyed after user clicked :Log out button.
when the user forgets to logout and closes the browser immediately, the session still exists because when the user open the browser again and comes back to the site he/she is still logged in.

I want the session to be destroyed when the user closes the browser immediately.

Is there a way to destroy a session.?

Thanks,
SR
 
Nathan Pruett
Bartender
Posts: 4121
IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTP communication doesn't work this way. Simply set the session timeout to something sensible.

There are various attempts to do this through Javascript, Applets, or Flash - but these don't always work as the user may have an incompatible browser, Javascript turned off, or not have the appropriate plugin installed - so you have to fall back on setting the session timeout anyway.

This isn't specific to Spring, so moving to the Servlets forum.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65218
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please SearchFirst -- this issue has been addressed countless times and the conclusion is always the same: you cannot reliably do this. Just rely upon the session time-out as Nathan suggested.
 
Gaurav Sagar
Ranch Hand
Posts: 97
Java MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A session reference is stored at the client side in the form of cookie which in case of session is named "sessionid" and contains some numeric value. The cookies are always stored into the browser's temporary data storage.

Coming to the point, the default age of the session cookie is always "-1", which means that the cookie gets deleted, as soon as the browser instance is destroyed.
This simply means destroying the only reference to existing session. Henceforth, the previous session in not retrievable. So, if you are being able to retrieve a session even after the browser instance is destroyed(closed), then make sure that you have not tampered with the default value of the session cookie, by passing some positive integer value to the cookie.setMaxAge(int), which would mean that the cookie would persist at the client side for that number of seconds you passed as the int to the method.

If that is not the case, make sure that you are not using URL Rewriting in your web-application, which appends the session-id at the end of the url(usually done when cookie support isn't present). This means that if you are copying the link address(containing the session-id appended) and pasting in your browser's address bar, the session could always be retrieved if it hasn't timed out.

Finally, one should always use session time-out feature in the deployment descriptor, this saves resources and reduces load onto the web server besides being customizable.

 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi , this is the code i ahve found it that works fine under IE 6 , dont know aboout other versions and other browsers

 
selva raja
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks.

Is it possible to implement in banking web site?

Thanks,
SR
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic