aspose file tools*
The moose likes Servlets and the fly likes How to invalidate a session when user switches to a different URL ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to invalidate a session when user switches to a different URL ? " Watch "How to invalidate a session when user switches to a different URL ? " New topic
Author

How to invalidate a session when user switches to a different URL ?

Sim Kim
Ranch Hand

Joined: Aug 06, 2004
Posts: 268
Hi,

In my application the user has logged in ( session created ) . Then on the same browser user types : www.google.com . Then when he comes back to my site he is still logged in . I want to invalidate his session .
How this can be done ?
Arvind Sampath
Ranch Hand

Joined: May 11, 2005
Posts: 144
You can use the 'referer' header to get the from url. Supppose the user visits some other site in the same browser and then requests for some page in ur appln., he can do so either by clicking the BACK button or typing ur appln. url in the browser. In the latter case, i guess the 'referer' header would be null. I am not sure about the former scenario tho
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

If the user switches to a URL that isn't part of your application, you won't know it. You would just have to wait until the session times out.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

If the user switches to a URL that isn't part of your application, you won't know it. You would just have to wait until the session times out.


No need to wait till session expires. You can use the "referer" header to figure out whether user has left your application and switched to someother application and back with requests for some of your application resources.

I tried with "referer" header and it worked for me.



Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
saikrishna cinux
Ranch Hand

Joined: Apr 16, 2005
Posts: 689
hey why dont u develop your application in other way..
i mean you better use java script for full screen.
you should not give the access to the user for entering the url and even exit button...


your application must display in full screen mode.....


u even disable right click option




cinux


A = HARDWORK B = LUCK/FATE If C=(A+B) then C=SUCCESSFUL IN LIFE else C=FAILURE IN LIFE
SCJP 1.4
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
But the one issue with this is you can easily get back to your resources with back browser button. Ben is there a way to control this?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60050
    
  65

Originally posted by saikrishna cinux:

your application must display in full screen mode.....


Only if you want to completely tick off your user base.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18121
    
    8

Why would you even want to control it? Frankly it's none of your business if I am running your application and I open another window or another tab to check another site.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60050
    
  65

Originally posted by Paul Clapham:
Why would you even want to control it? Frankly it's none of your business if I am running your application and I open another window or another tab to check another site.


Bingo!
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Vishnu Prakash:
But the one issue with this is you can easily get back to your resources with back browser button. Ben is there a way to control this?


Not reliably, which is why I said what I did earlier.
If this is a big concern, you might want to shorten the session timeout.

By the way: I agree completely with Paul's comment.
As a user, I would consider any app that tries to control my screen or console to be a poorly written piece of crap.
[ December 09, 2005: Message edited by: Ben Souther ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to invalidate a session when user switches to a different URL ?
 
Similar Threads
logging page
Multiple Session Management
Issue in session manegement
invalidate others session
Logging out in Ctrl-N window