Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session

 
Raj Joe
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How do i clear the http session data when the user closes the browser.
Can i invalidate a user session when the user closes the browser.
 
Praful Thakare
Ranch Hand
Posts: 642
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I dont know the exact code but u can do it as follows

1 handel windows (browser)close event
2 call a javascript function on it and send request to some jsp
on server which will invalidate the session.

Cheers
-Praful
 
Shailesh Chandra
Ranch Hand
Posts: 1082
Java Oracle Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I dont think handling the close event of browser is very efficient.

eg: I press CTRL + N during any session and new window gets open with same session. I perform any operation on new window same time old window is open.

but closing any window will kill my session, and being a user I will not like it.
[ October 27, 2004: Message edited by: Shailesh Chandra ]
 
Sonny Gill
Ranch Hand
Posts: 1211
IntelliJ IDE Mac
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You cant use Javascript function to invalidate session when the user closes the browser.

The cross browser JavaScript you can possibly use is the onUnload() event. This event gets fired whenever the current page being shown is about to be changed. Most browsers fire it when you close the browser, but it will also be fired when you move from one page to next. So, you cant reliably use it to detect a browser being closed.

The best thing to do is to set the session time out appropriately for your web app. It has been discussed many times before.
Try doing a google search of Javaranch forums
http://www.google.com.my/search?q=browser+close+session+invalidate+site%3Asaloon.javaranch.com
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi folks,

shouldn't be the javascript soluiton. ofcourse you should do that always. but again its on client-end. Moreover, javascript may vary browser to browser.

its better to use HttpSessionListener. and invalidate the session on logout and session-timeout. it will definitely work in any case. but ofcourse session-timeout might not be the real logout time for the user. you can use javascript solution along this one.

cheers
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic