How to ensure user session destroyed wn browser closed Withought user logged out.
Today I faced a problem in my java application .User session didn't destroy wn I directly closed browser without logout user. After some time (less than default time which is described in web.xml) wn I again open browser I get old session. HTTTP protocol is stateless protocol so how it is possible to destroy sessions wn randomly closed browser Withought logout.
Wt I have done, first I tried to put session time 30 sec by default in web.xml. but its not right way.
Second I have stored all valid session in Hashmap.browser closed but Session exists with user id .wn user logged in again, first I checked hashmap if user's session exists i closed user session and then again logged in with new session. Actually my problem is solved but wn I analysed java point of view I get many overheads like wt will happen wn my system will execute in distributed environment... I done google but did't find right answers. Now I am trying to find answer in "Head and first" book .
if anyone have better answer kindly share.....
Wt I have done, first I tried to put session time 30 sec by default in web.xml. but its not right way.
Second I have stored all valid session in Hashmap.browser closed but Session exists with user id .wn user logged in again, first I checked hashmap if user's session exists i closed user session and then again logged in with new session. Actually my problem is solved but wn I analysed java point of view I get many overheads like wt will happen wn my system will execute in distributed environment... I done google but did't find right answers. Now I am trying to find answer in "Head and first" book .
if anyone have better answer kindly share.....
Replies
-
Anoop KumarYou can even force user not to close window. using
window.onbeforeunload =
This will be called when closing Tab/Browser window. and you can close the session in this code snippet.
2nd, When user comes to loin screen always invalidateSession if exist also use following in jsp
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1. response.setHeader("Pragma", "no-cache"); // HTTP 1.0. response.setDateHeader("Expires", 0); // Proxies.
-
Ajay PandeyAnoop KumarYou can even force user not to close window. using
window.onbeforeunload =
This will be called when closing Tab/Browser window. and you can close the session in this code snippet.
2nd, When user comes to loin screen always invalidateSession if exist also use following in jsp
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1. response.setHeader("Pragma", "no-cache"); // HTTP 1.0. response.setDateHeader("Expires", 0); // Proxies.
Thanks @#-Link-Snipped-#.
Actually problem is, User can login concurrently more than one branch. My application is related to Banking Domain. Some Head office user can login more than one branch. When user comes after browser directly closed, both session invalidated.
Today I get some logic that used by gmail. I am trying to implement in java. Some useful information I get from "Head and First". -
Anoop KumarBut if you invalidate one session how does it affect session from another place.
Are you storing session in DB? -
Manish GoyalInstead of going technical, can you please explain your motive behind solving this Problem
What are you actually trying implement? -
Ajay Pandey
Yes, we keep all user login and logout information in our system.Anoop KumarBut if you invalidate one session how does it affect session from another place.
Are you storing session in DB?
Actually what I have done first I have stored both session of single user id in one list. And then list stored in hashmap as value and user id as key.now hashmap synchronised with database(using hibernate).when I invalidate user both session destroyed. So now I have restructured userloginfo table. -
Ajay Pandey
@#-Link-Snipped-# my problem is how to logout wn user closed browser directly.my system working in distributed environment.one more thing one user can login concurrently more than one branch.....OkManish GoyalInstead of going technical, can you please explain your motive behind solving this Problem
What are you actually trying implement? -
Manish GoyalUse the onunload event to send an ajax request to your server to kill the session on window unload
#-Link-Snipped-# -
Prasad AjinkyaCan you try reducing the scope (time) of the session to match that of the user's browser session?
-
Anand TamariyaUse following JS to send a request indicating browser close.
window.onbeforeunload =
On receiveing this request on server, invalidate the session. -
yogi.bharadwaj
the cache and cookie memory of your browser will stores the data and if your browser crashes or accidently stopped and when restart it got message through cache an cookie memory to restore the session so simply clear the cache and cookie so your all login data gets cleared the other way is that use private browsing it will not stores anything.Ajay PandeyToday I faced a problem in my java application .User session didn't destroy wn I directly closed browser without logout user. After some time (less than default time which is described in web.xml) wn I again open browser I get old session. HTTTP protocol is stateless protocol so how it is possible to destroy sessions wn randomly closed browser Withought logout.
Wt I have done, first I tried to put session time 30 sec by default in web.xml. but its not right way.
Second I have stored all valid session in Hashmap.browser closed but Session exists with user id .wn user logged in again, first I checked hashmap if user's session exists i closed user session and then again logged in with new session. Actually my problem is solved but wn I analysed java point of view I get many overheads like wt will happen wn my system will execute in distributed environment... I done google but did't find right answers. Now I am trying to find answer in "Head and first" book .
if anyone have better answer kindly share.....
You are reading an archived discussion.
Related Posts
hi friends iam currently doing ma 3rd year engineering for our college inorder to improve the drinking water quality I want to design the slow sand filter
for a demand...
any body have an idea about "SELF DESTRUCTING DATA SYSTEM"
Datafly is one of my dream projects. It is developed with the digitization problem the corporate and companies face. But our own problem with our data is no less. How...
What are all the meticulous difference between sql server 2005,2008,2012 ??
Being Iron Man was never this easy. A Shenzhen based company called Iron Man Factory which specialises in injection moulding have started a crowd-funding project to help them mass produce...