Hi, I just would like to be sure. A session may not be expunged by closing the window,right? The only two possibilities: -The client does not send a request to the web application for a length of time that exceeds the session timeout value of the associated session object in the application. - Accessing a resource which causes the associated session to be explicity invalidated by making a call to the invalidate() method of the session. Please correct me if I'm wrong, Regards, Cyril.
SCJP 1.4, SCWCD, SCBCD, IBM XML, IBM Websphere 285, IBM Websphere 287
I too think that session will be closed when the client closes all the browser windows pertaining to that session. Otherwise, once i login to a website with a browser and kill that window, if i connect to the same website again, i should be with a login status already or atleast be shown with my previous session state. I don't think that is the case.
I do agree with Andy Smith, and disagree with Yorck Zhou Quote: "Sessions are not expunged on the Close of browser window.. only by calling invalidate explicitly or time out..." Further explanation: Because web server has no idea about the activity of the client browser until it receives a request from the client with its session info. If the web server didn't receive any further request from the client because the client close all the windows, it would keep the session until it expires - time out, and then the session is closed. Simple it's that
Joined: Mar 25, 2002
I see. So storing a session doesn't need to imply that the login, etc. info is stored. So when the user closes the browser, then i may assume that the "user" attribute of the session object gets wiped out, but the session object itself remains on the webserver till timeout. Please correct me for any misconceptions. Thanks.
Nothing gets "wiped out" of the session object, the session object remains intact and still exists in the server. You can look at it like this, if the user closes the browser windows he cannot any more contact the server with that same login (baically the cookie gets deleted) but the server has no means to know that the user closed his browser, so it still keeps the session for the user in case he connects again from the same browser window (which is not the case here, becaused he closed his browser). After the timeout period (depending on the server provider, let's say 30 min) the server assumes that since the user havent connected since 30 min the user have closed the browser, so it destroys the session object. hope this was clear. [ January 13, 2004: Message edited by: Mehdi Chaouachi ]
Mehdi Chaouachi<p>Sun Certified Java Programer (1.4)<br />Sun Certified Web Component Developer (1.4).<br />Sun Certified Mobile Application Developer.
One more way to look at it: the server has no idea about anything you do except when you send a request. The server doesn't even know who you are when you send a request unless you send a cookie or rewrite the URL with a session id. There is no connection between you, the client, and the server after the response is sent.