aspose file tools*
The moose likes Servlets and the fly likes Java gurus please! Detecting browser close, Framesets, and Threads in Servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Java gurus please! Detecting browser close, Framesets, and Threads in Servlets" Watch "Java gurus please! Detecting browser close, Framesets, and Threads in Servlets" New topic
Author

Java gurus please! Detecting browser close, Framesets, and Threads in Servlets

Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Need advice from all the Java gurus.. (Mr. Brogden appears to be quite active on the forum
Who hasn't run into this problem at one time or another!
Problem: Detecting when a user who is logged in closes the browser without logging out, and updating a field in database to show the user as having logged out.
(Now, I know there is no reliable way, but it is one of those 'nice to have' features that I need to put into the application I am working on. The good thing is, it is an intranet application, so I can make some assumptions about the type of the user-agent)

Only solution I can think of:
I run the application in a frameset-based webpage. Run the main application in the main frame, and a self-refreshing webpage in the other almost invisible frame. The web-page in the invisible frame, lets call it monitor.jsp, refreshes itself every 10 seconds(say).
When a user logs in, I create a session-scope Thread(in the form of a bean, perhaps), which checks every 30 seconds when the last-access time was for that session. If there has been no contact for that session for 30 seconds, which should be happening every 10 seconds as monitor.jsp refreshes itself, I log out the user.
As I said, I can assume that framesets are supported on the user browsers.
Will this work? pros? cons?

Alternatives:
1)
Create an application scope bean that monitors each user that is logged in. Only one extra thread is created. or
Create a separate Runnable bean for each user. A thread is created for each user logged in, but it would be simpler to implement. Would this cause any problems?
2)
Setting the Http-equiv refresh meta tag on the web-page through HTML.
or
Setting it through response.setHeader()
Is either one more reliable than the other?

All help is most appreciated. many thanks.
[ February 04, 2004: Message edited by: Sonny Gill ]

The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny Gill Tweets
Suma K Gowda
Greenhorn

Joined: Feb 03, 2004
Posts: 12
As you said I also had faced the similar problem.
I have found a easiest way to do the needful, but doesn't know how effiecient it is.
Assuming that its a frame based web application
In any of the html pages under different frames(top,left or main), which will be loaded for sure at the time of a browser closes.
For eg: The topframe's page which is usually be static. onUnload() event of that page call a javascript which opens a new page, within that page, onLoad event call a javascript function which calls a servlet, and tell your servlet that if the request comes from this page then user is closing the window, then the servlet should take care deleting the required stuff like session or persistent data from the database.
This worked for me, you can try it!!!
Suma K Gowda
Greenhorn

Joined: Feb 03, 2004
Posts: 12
As you said I also had faced the similar problem.
I have found a easiest way to do the needful, but doesn't know how effiecient it is.
Assuming that its a frame based web application
In any of the html pages under different frames(top,left or main), which will be loaded for sure at the time of a browser closes.
For eg: The topframe's page which is usually be static. onUnload() event of that page call a javascript which opens a new page, within that page, onLoad event call a javascript function which calls a servlet, and tell your servlet that if the request comes from this page then user is closing the window, then the servlet should take care deleting the required stuff like session or persistent data from the database. After few seconds you can close the window which has been opened dynamically, even if the user closes the window manually, as the request will be sent already, that won't affect anything.
This worked for me, you can try it!!!
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Hmmm..
that sounds very good and very simple...why didnt I think of it
I just coded a quick prototype the way I outlined earlier to do what i wanted to do, with one thread for each session, and tested it for up to 1000 sessions using HttpUnit, and it seems to work fine.
But your way of doing it certainly is much simpler, and there are no threads, and no increased network traffic with each request that I am making every few seconds to update the last accessed time for each session. I think I will try it tomorrow. Did your ever run into any problems using that method?
Only problem that I can think of at the moment is, that some smartarse user might look at the page source, and access the main page directly without going through the frameset page. In that case, the page with javascript is never loaded...or unloaded. But if I rely on the user making a request every 10 sec(say) , and he tries to go around it, the monitor thread running at server will still log him out. That is a bit far-fetched but..never trust the end user
This has given me something to think about on the ride back home.
Thanks a million for the reply Push!
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

I am sure somebody can find a flaw or two in this reasoning...they are always there, lurking around the corner!
Brahim Bakayoko
Ranch Hand

Joined: Aug 29, 2003
Posts: 155
Originally posted by Sonny Gill:
I am sure somebody can find a flaw or two in this reasoning...they are always there, lurking around the corner!

hum! ... is that a bad thing?
I guess I will simply refrain from commenting. :roll:


SCJP, SCWCD, SCBCD, IBM CSD WebSphere v5, <br />A+, MCP 2000 and 2000 server, CST, and few incompleted certification tracks.<br /> <br />Ivory Coast<br /> <br />Analyze your web Request/Response @ <a href="http://webtools.servehttp.com" target="_blank" rel="nofollow">http://webtools.servehttp.com</a> down for a while...
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Originally posted by Brahim Bakayoko:

hum! ... is that a bad thing?
I guess I will simply refrain from commenting. :roll:

oh, I am sorry! I am afraid I may not have put it right.
What I meant to say was that I hope somebody can find any flaws that I might have overlooked (The flaws are always lurking around the corner )
cheers
Brahim Bakayoko
Ranch Hand

Joined: Aug 29, 2003
Posts: 155
... ah what the heck!
Use session tracking with a timeout period as appropriate.
1. you have the option of saving whatever you want about the session as it times out (refer to the HttpSessionListener interface)
2. or leave all info to expire
Once the user returns, you can initialize the new session with the saved data....
Remember that http is stateless. Finally, javascript is your best option to terminating nicely a session before it times out as said above: have an onclose statement send a close flag along with the session id to a session manager servlet.
Brahim Bakayoko
Ranch Hand

Joined: Aug 29, 2003
Posts: 155
One last thing, remember that terminating a session at the close of the browser will limit somewhat the use of a session.
The idea of a session is to allow a single user to interact with the web application possibly from different machines and surely from different browser windows.
If you were to be an ecommerce site, killing the session at the close of a browser would be awful programming. Many shoppers tend to open more than one browser to browse and see different sections of a site.
Food for thought...
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Actually, the idea here is to not let a user login from different machines at concurrently, and to strictly monitor when they start using and stop using the applicatin.
It is not an ecommerce site.
Thanks for your input.
Suma K Gowda
Greenhorn

Joined: Feb 03, 2004
Posts: 12
Originally posted by Sonny Gill:
Hmmm..
Only problem that I can think of at the moment is, that some smartarse user might look at the page source, and access the main page directly without going through the frameset page. In that case, the page with javascript is never loaded...or unloaded. But if I rely on the user making a request every 10 sec(say) , and he tries to go around it, the monitor thread running at server will still log him out. That is a bit far-fetched but..never trust the end user
!

What you can do is, make the window size very small may be 1 px width & height, and minimize the window dynamically, so that the user don't even reconize that some window has been popped up or something is happening after he has closed the window.
And when you are done with your session kiiling, dynamically close the window.
For me it worked fine, I didn't had any problem, but as you know if the end user wants to make it fail he can do it anywayz
Regards
Push
Sonny Gill
Ranch Hand

Joined: Feb 02, 2002
Posts: 1211

Yup, that should work.
Closing the window is not a problem.. my original thought was what happens if the user tries to bypass the frameset page, and by looking at the source finds out the URL for the main page being loaded, and directly goes there. But, I should be able to manage that without much difficulty. I can just deny them access if they havent gone throught the frameset page provided.
thanks again, push.
regards
Basavaraju Banakar
Greenhorn

Joined: Jul 18, 2002
Posts: 25
Originally posted by push j:

For me it worked fine, I didn't had any problem, but as you know if the end user wants to make it fail he can do it anywayz
Regards
Push

Did u try refreshing the entire page.. then the unload method of the header is called.. which might end the user session??


It is impossible to make anything foolproof because fools are so ingenious..Murphy<br />Basu.
Suma K Gowda
Greenhorn

Joined: Feb 03, 2004
Posts: 12
Originally posted by Basavaraju Banakar:

Did u try refreshing the entire page.. then the unload method of the header is called.. which might end the user session??

When the unload method is called, first it opens a new window using javascript before actually getting self closed.
The newly opened browser will call the servlet on onLoad event, and the servlet will take care of the rest like session killing....
Basavaraju Banakar
Greenhorn

Joined: Jul 18, 2002
Posts: 25
How exactly will u make the differentiation between the unload method called due to closing of window and that of refreshing the page...
same method is called in both the cases....
I assume that u check for the parent window (whether it exist..) and then call the servlet appropriately?
 
 
subject: Java gurus please! Detecting browser close, Framesets, and Threads in Servlets