File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes session expunged Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "session expunged" Watch "session expunged" New topic

session expunged

cyril vidal
Ranch Hand

Joined: Jul 02, 2003
Posts: 247
I just would like to be sure. A session may not be expunged by closing the window,right?
The only two possibilities:
-The client does not send a request to the web application for a length of time that exceeds the session timeout value of the associated session object in the application.
- Accessing a resource which causes the associated session to be explicity invalidated by making a call to the invalidate() method of the session.
Please correct me if I'm wrong,

SCJP 1.4, SCWCD, SCBCD, IBM XML, IBM Websphere 285, IBM Websphere 287
Andy Smith
Ranch Hand

Joined: Sep 28, 2003
Posts: 239
Yes Cyril u r absolutely right...
Sessions are not expunged on the Close of browser window..
only by calling invalidate explicitly or time out...

Share Knowledge to gain it.
SCJP 2, SCWCD 2, SCDJWS, IBM 141 (In Progress), IBM 486 (Next)
Yorck Zhou

Joined: Jan 04, 2003
Posts: 22
Sessions will be expunged when we close all the window related with the sessions. A session ends when the client left the "conversation".

----------------------------------<br />SCJP SCWCD<br />dive into EJB, drinking hot Java
Jayadev Pulaparty
Ranch Hand

Joined: Mar 25, 2002
Posts: 662
I too think that session will be closed when the client closes all the browser windows pertaining to that session. Otherwise, once i login to a website with a browser and kill that window, if i connect to the same website again, i should be with a login status already or atleast be shown with my previous session state. I don't think that is the case.
Ali Ragi
Ranch Hand

Joined: Dec 10, 2003
Posts: 60
I do agree with Andy Smith, and disagree with Yorck Zhou
Quote: "Sessions are not expunged on the Close of browser window..
only by calling invalidate explicitly or time out..."
Further explanation: Because web server has no idea about the activity of the client browser until it receives a request from the client with its session info. If the web server didn't receive any further request from the client because the client close all the windows, it would keep the session until it expires - time out, and then the session is closed. Simple it's that
Jayadev Pulaparty
Ranch Hand

Joined: Mar 25, 2002
Posts: 662
I see. So storing a session doesn't need to imply that the login, etc. info is stored. So when the user closes the browser, then i may assume that the "user" attribute of the session object gets wiped out, but the session object itself remains on the webserver till timeout. Please correct me for any misconceptions.
Mehdi Chaouachi
Ranch Hand

Joined: Jul 02, 2003
Posts: 87
Nothing gets "wiped out" of the session object, the session object remains intact and still exists in the server.
You can look at it like this, if the user closes the browser windows he cannot any more contact the server with that same login (baically the cookie gets deleted) but the server has no means to know that the user closed his browser, so it still keeps the session for the user in case he connects again from the same browser window (which is not the case here, becaused he closed his browser). After the timeout period (depending on the server provider, let's say 30 min) the server assumes that since the user havent connected since 30 min the user have closed the browser, so it destroys the session object.
hope this was clear.
[ January 13, 2004: Message edited by: Mehdi Chaouachi ]

Mehdi Chaouachi<p>Sun Certified Java Programer (1.4)<br />Sun Certified Web Component Developer (1.4).<br />Sun Certified Mobile Application Developer.
Edwin Keeton

Joined: Jul 22, 2002
Posts: 18
One more way to look at it: the server has no idea about anything you do except when you send a request. The server doesn't even know who you are when you send a request unless you send a cookie or rewrite the URL with a session id. There is no connection between you, the client, and the server after the response is sent.
I agree. Here's the link:
subject: session expunged
It's not a secret anymore!