• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Killing session when closing the browser

 
Ranch Hand
Posts: 518
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am trying to kill the session when closing the browser without logging out properly. But i am unable to kill the session. I am posting the code

index.jsp:



UsingSession.java:



Logout.java


Please assist me to do this.

Thanks

 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
While you didn't say what's happening and what is or is not working, I'm curious what the reason for wanting to invalidate the session is. It happens automatically after whatever period is set in the web app anyway; is there a need to accelerate that process?
 
preethi Ayyappan
Ranch Hand
Posts: 518
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your reply. If the user closes the browser without logging out properly, Their session has not been killed and if they try to login again they are not able to login to the form. We need to restart the tomcat again. To overcome this I am trying to accelarate the session kill function to kill the session which logs out properly. Am i doing wrong? Is there any other way to solve this?
 
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Let the session timeout do its thing.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If you need to restart Tomcat then you're definitely doing something wrong.

If a session already exists, then the user should not need to log in again. The web app should not even show the login page to anyone who is logged in already.
 
Ranch Hand
Posts: 71
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:If you need to restart Tomcat then you're definitely doing something wrong.

If a session already exists, then the user should not need to log in again. The web app should not even show the login page to anyone who is logged in already.



Ulf Dittmer told you right and the way how it should work.
But if you really want to kill the session whenever, user closes his browser, you need to go through javascript, because server has no idea of this event.
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Sudhakar Sharma wrote:But if you really want to kill the session whenever, user closes his browser, you need to go through javascript, because server has no idea of this event.


Neither does JavaScript.
 
Ranch Hand
Posts: 35
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello. I understand that there are better ways to solve what you are trying to do. Nevertheless here is a very simple idea (Please, if I am wrong, someone correct me):

in the login jsp you could use a little code like this to kill your session. If you do it, you assure that the user is not in session when the browser is closed, but when the user is trying to re-login:

<% request.getSession().invalidate(); %>
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Scriptlets in 2011?

In any case, visiting a login page is not the same a closing the browser.
 
Sudhakar Sharma
Ranch Hand
Posts: 71
Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:

Sudhakar Sharma wrote:But if you really want to kill the session whenever, user closes his browser, you need to go through javascript, because server has no idea of this event.


Neither does JavaScript.



Can't we use javascript to send another request, when browser is closed, to a servlet that is responsible for invalidating the session.
or
the code inside javascript


then how we invalidate the session immediately after the user closes his browser? Please help
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Won't work because the user may be looking at a completely different tab when he closes the browser.

Face Facts - there is no certain way of detecting that the user just closed the browser.

Therefore - you will have to depend on the built in mechanisms to time-out the session.

Bill
 
Ranch Hand
Posts: 220
Eclipse IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Scriptlets in 2011?

In any case, visiting a login page is not the same a closing the browser.



Which Java Technology you offer other than Scriptles in 2011 ???
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tuna Töre wrote:

Bear Bibeault wrote:Scriptlets in 2011?
Which Java Technology you offer other than Scriptles in 2011 ???



The JSTL and EL where introduced with JSP 2.0 in 2002! That's almost 10 years ago.

Scriptlets in JSP have been discredited since then -- long since time to move on!
 
Tuna Töre
Ranch Hand
Posts: 220
Eclipse IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

preethi Ayyappan wrote:Thanks for your reply. If the user closes the browser without logging out properly, Their session has not been killed and if they try to login again they are not able to login to the form. We need to restart the tomcat again. To overcome this I am trying to accelarate the session kill function to kill the session which logs out properly. Am i doing wrong? Is there any other way to solve this?



You should get the session in every jsp pages in the correct way and after getting session correctly, system app. users can use the system without having problem and dont need to login for the second time to server. Moreover you dont neet to restart the Tomcat App. Serv.

There is an example jsp code to get the user session;



As far as I know, there is no way to call a Servlet Method by detecting browser close event. Forexample; in many Banking applications you should see a button to close the Session in a secure way. The user should click this button to close the session or the session times-out by server.

 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


As far as I know, there is no way to call a Servlet Method by detecting browser close event. Forexample; in many Banking applications you should see a button to close the Session in a secure way. The user should click this button to close the session or the session times-out by server.



There is a way to do it - you hook into the window.onunload event. However, saying something can be done and something should be done are different things. This will only work if the browser is closed normally. So if the process is killed, the browser crashes, the browser has JavaScript disabled or the plug is pulled from the client machine no request will be sent. So relying 100% on this method to invalidate the session is foolish.
 
Bear Bibeault
Sheriff
Posts: 67752
173
Mac Mac OS X IntelliJ IDE jQuery TypeScript Java iOS
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Moreover, the onunload handler is called whenever a page is unloaded. So there is no way to tell the difference between the browser being closed, and simply navigating to a new page.
 
Bartender
Posts: 1845
10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Tuna Töre wrote:
There is an example jsp code to get the user session;




OR you could just use the implicit variable "session" already defined for you on the JSP. Your choice.

Regarding detecting a closed browser, the only way is client side. The server can't distinguish between a browser that is closed, and a browser that is just no longer sending requests.
The window.onunload event detection is a possible solution, if a bit hacky.
The suggestion I have seen is to use a frameset with two frames. The 'main' frame displays your app, and the second frame is of size 0, and is where you put the window.onunload event. So you will only trigger the onunload event if you completely leave your app, or close the browser window.

Of course whether the onunload event manages to send a "I am closing" event to the server before being closed is another matter.

 
What's a year in metric? Do you know this metric stuff tiny ad?
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic