How to ensure user session destroyed wn browser closed Withought user logged out.

Today I faced a problem in my java application .User session didn't destroy wn I directly closed browser without logout user. After some time (less than default time which is described in web.xml) wn I again open browser I get old session. HTTTP protocol is stateless protocol so how it is possible to destroy sessions wn randomly closed browser Withought logout.
Wt I have done, first I tried to put session time 30 sec by default in web.xml. but its not right way.
Second I have stored all valid session in Hashmap.browser closed but Session exists with user id .wn user logged in again, first I checked hashmap if user's session exists i closed user session and then again logged in with new session. Actually my problem is solved but wn I analysed java point of view I get many overheads like wt will happen wn my system will execute in distributed environment... I done google but did't find right answers. Now I am trying to find answer in "Head and first" book .

if anyone have better answer kindly share.....

Replies

Anoop Kumar
You can even force user not to close window. using
```
window.onbeforeunload =  
```
This will be called when closing Tab/Browser window. and you can close the session in this code snippet.
2nd, When user comes to loin screen always invalidateSession if exist also use following in jsp
```
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.
```
Ajay Pandey
Anoop Kumar
You can even force user not to close window. using

window.onbeforeunload =
This will be called when closing Tab/Browser window. and you can close the session in this code snippet.
2nd, When user comes to loin screen always invalidateSession if exist also use following in jsp

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1. response.setHeader("Pragma", "no-cache"); // HTTP 1.0. response.setDateHeader("Expires", 0); // Proxies.

Thanks @#-Link-Snipped-#.
Actually problem is, User can login concurrently more than one branch. My application is related to Banking Domain. Some Head office user can login more than one branch. When user comes after browser directly closed, both session invalidated.
Today I get some logic that used by gmail. I am trying to implement in java. Some useful information I get from "Head and First".
Anoop Kumar

But if you invalidate one session how does it affect session from another place.
Are you storing session in DB?
Manish Goyal

Instead of going technical, can you please explain your motive behind solving this Problem

What are you actually trying implement?
Ajay Pandey

Anoop Kumar
But if you invalidate one session how does it affect session from another place.
Are you storing session in DB?
Yes, we keep all user login and logout information in our system.
Actually what I have done first I have stored both session of single user id in one list. And then list stored in hashmap as value and user id as key.now hashmap synchronised with database(using hibernate).when I invalidate user both session destroyed. So now I have restructured userloginfo table.
Ajay Pandey

Manish Goyal
Instead of going technical, can you please explain your motive behind solving this Problem

What are you actually trying implement?
@#-Link-Snipped-# my problem is how to logout wn user closed browser directly.my system working in distributed environment.one more thing one user can login concurrently more than one branch.....Ok
Manish Goyal

Use the onunload event to send an ajax request to your server to kill the session on window unload

#-Link-Snipped-#
Prasad Ajinkya

Can you try reducing the scope (time) of the session to match that of the user's browser session?
Anand Tamariya
Use following JS to send a request indicating browser close.
```
window.onbeforeunload = 
```
On receiveing this request on server, invalidate the session.
yogi.bharadwaj

Ajay Pandey
Today I faced a problem in my java application .User session didn't destroy wn I directly closed browser without logout user. After some time (less than default time which is described in web.xml) wn I again open browser I get old session. HTTTP protocol is stateless protocol so how it is possible to destroy sessions wn randomly closed browser Withought logout.
Wt I have done, first I tried to put session time 30 sec by default in web.xml. but its not right way.
Second I have stored all valid session in Hashmap.browser closed but Session exists with user id .wn user logged in again, first I checked hashmap if user's session exists i closed user session and then again logged in with new session. Actually my problem is solved but wn I analysed java point of view I get many overheads like wt will happen wn my system will execute in distributed environment... I done google but did't find right answers. Now I am trying to find answer in "Head and first" book .

if anyone have better answer kindly share.....
the cache and cookie memory of your browser will stores the data and if your browser crashes or accidently stopped and when restart it got message through cache an cookie memory to restore the session so simply clear the cache and cookie so your all login data gets cleared the other way is that use private browsing it will not stores anything.

You are reading an archived discussion.

How to ensure user session destroyed wn browser closed Withought user logged out.

Replies

Related Posts

Slow sand filter design

Self destructing data system project idea

Datafly is now out for grab for free

Difference Between sql server 2005,2008,2012

Chinese Company Seeks Crowd-Funding To Mass Produce Iron Man Mark III Armour