hi I want the servlet to know that the user has closed the browser. If the user logs out by clicking on log-out button in the page, the servlets can know that the user has logged out(and can invalidate the session). But if the browser is closed by the user without logging out, how can the servlet know that the user has logged out? or in other words i want the session to invalidated whenever the user logs out(which I can do) or whenever the user closes the browser(which the servlet is not able to know). The servlet maintains a list of users logged in. Please let me know the solution. thanks in advance Tanveer
Author of JPhotoBrush Pro (www.jphotobrushpro.com)
Joined: Dec 11, 2000
The solution is to put a timeout on the login session. Browsers have no way to reliably notify the server, and in any event, if the Browser or client OS crashed (which was fairly common until recently), there would be cases where notification couldn't be relied on anyway. A lot of websites do provide a "logout" button, but as a user, I can tell you that I often forget it's there and just move onto another website. Which is another reason why you can't get a good notification. If I jump to a new website OR open another browser window to a new website, the session to the old website is still there - HTTP isn't a connect-to-only-one-server type of service.
An IDE is no substitute for an Intelligent Developer.
I like to use a class that implements HttpSessionBindingListener - if you attach one of these to the user's session, it will get called when the session is deleted after it times out - or - if you call the session invalidate method. That way, no matter what happens your servlet eventually gets notified that the user is not active. There are also other session listeners that some folks prefer to use. Bill
By nature, a web server forgets about the user as soon as the current request has been satisfied. Only through the Session API can the next request from that user be identified. Although a Logout button can be utilized, it is rarely (as mentioned above) used. If you are using version 2.3 of the JSDK, you can use LifeCycleEvents. Most Web Containers allow you to set a Session Timeout, which invalidates a Session after so much time as passed. By utilizing an HttpSessionListener, you can guarentee you will be notified a Session is about to be destroyed. While this approach still requires you wait for the Session to time out, it does give you the ability to guarentee the Session is invalidated as you would like it. I would suggest any resource that can be shared across multiple users/request (Database connections) be used via a pool (DataSource) whenever possible.