jQuery in Action, 2nd edition*
The moose likes Servlets and the fly likes Why session destroyed when browser closed Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Why session destroyed when browser closed" Watch "Why session destroyed when browser closed" New topic
Author

Why session destroyed when browser closed

Treimin Clark
Ranch Hand

Joined: Nov 12, 2008
Posts: 757
Hi,

I attempted to keep the session available, even after the browser closed. But when the browser closed and start again, it doesn't send the jsessionid (cookie) to the server.

Then I tried,

1. I set the setMaxInactiveInterval on HttpSession for a long duration
2. Set the setMaxAge on the cookie named "jsessionid" for a long duration.
3. I set the setMaxInactiveInterval on HttpSession for -1.
4. Set the setMaxAge on the cookie named "jsessionid" for -1.

I used above actions independently and together, but the result didn't changed as I wished.

I'm using IE6 for this. However, the above problem is not occured with Firefox!

Please don't say that the problem is with IE6. Because I'm using JavaRanch on the IE6, and my JavaRanch account is always signed-in within it.

Please tell me how can I do this? Is there any other way I can use, like JavaRanch does?
Steve Luke
Bartender

Joined: Jan 28, 2003
Posts: 3943
    
  17

Originally posted by Treimin Clark:
Hi,

I attempted to keep the session available, even after the browser closed. But when the browser closed and start again, it doesn't send the jsessionid (cookie) to the server.

Then I tried,

1. I set the setMaxInactiveInterval on HttpSession for a long duration
2. Set the setMaxAge on the cookie named "jsessionid" for a long duration.
3. I set the setMaxInactiveInterval on HttpSession for -1.
4. Set the setMaxAge on the cookie named "jsessionid" for -1.

I used above actions independently and together, but the result didn't changed as I wished.

I'm using IE6 for this. However, the above problem is not occured with Firefox!

Please don't say that the problem is with IE6. Because I'm using JavaRanch on the IE6, and my JavaRanch account is always signed-in within it.

Please tell me how can I do this? Is there any other way I can use, like JavaRanch does?


The Session cookie is a special cookie that is designed to only live for the same user session - which ends when the service connected to the web application ends - which ends when the browser is closed. The cookie SHOULD be destroyed when the browser is closed (if Firefox doesn't remove the cookie than it is a problem with Firefox), and is typically NOT saved.

JavaRanch's constant logon does not preserve your session. It assigns a New cookie with a long MaxAge that identifies you when you make the first request and starts a new session that associates your user id with the new session that is made.

So you would need to follow the same strategy:
1) Each user gets a permanent user id
2) Any settings and info you want shared from session to session needs to be stored permanently associated with that ID (in a database usually)
3) Store a new cookie when a user logs in with the user id (not session id), with a MaxAge as long as possible.
4) When a user comes back to the site check for the cookie, create a new session, look up the user id you stored in the cookie, and associate any info you want to propagate from session to session with the new session.

A couple of things you should think about would be:
- You should probably encrypt the cookie so it is harder for people to find the id you are using
- Don't store the password
- If your system stores any important private information, you should still require an additional login to access the info
- Make sure you re-up the MaxAge on the user id cookie each time the user logs in to help make the auto-login feature appear perpetual.


Steve
Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
Actually, you can do this to preserve the session:

Note that I explicitly call addCo okie() with the JSESSIONID name, which is the co okie that the specs dictates must be used for session tracking. When I first visit the page, it says I'm new, every next visit it greats me with my name. When I close the browser, and visit the page again, it remembers my name as the co okie is stored on disk and sent to the server. It will only work if you visit the page within the session-timeout configuration setting, after that the JSESSIONID is meaningless for the server, it is invlaidated.
Also note that it works with Tomcat 6 and servlet 2.5. I don't know if this is portable to Jetty for instance.
(There is a deliberate space within "Cookie" / "cookie" because Javaranch prevents uing it - kind of security measure.)
[ December 18, 2008: Message edited by: Raf Szczypiorski ]
Treimin Clark
Ranch Hand

Joined: Nov 12, 2008
Posts: 757
Thanks for Steve and Raf.

@Raf,
This is what I actually done before posting this question. But it works on Firefox only. (Not worked on IE6)

I think, I should do something as Steve said, even though it seems hard. :roll:

If you can provide another solution for retrieve the session, please post it. It will be helpful to me alot.

Thanks in advance.
[ December 18, 2008: Message edited by: Treimin Clark ]
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Persist it in a database and retrieve it from there? Serialize the session state to disk and recover it on login?

You can, as Raf suggests, persists the JSESSIONID. But any data associated with it will dissappear when the session times out, and that is not going to be a huge amount of time (think minutes not days).


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Raf Szczypiorski
Ranch Hand

Joined: Aug 21, 2008
Posts: 383
@Treimin
Yup, sorry, I kind of didn't see that you tried that already :roll:
Treimin Clark
Ranch Hand

Joined: Nov 12, 2008
Posts: 757
Hi Raf,

I found that why our code doesn't run for me. It was because of this.
 
jQuery in Action, 2nd edition
 
subject: Why session destroyed when browser closed
 
Similar Threads
Doubt between setMaxAge() and setMaxInactiveInterval() method
cookie vs session
setMaxInactiveInterval and <session-timeout> question
session that never dies
Do Session get invalidated when we close the browser