File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Application Not signing out Authenticate customers Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Application Not signing out Authenticate customers" Watch "Application Not signing out Authenticate customers" New topic

Application Not signing out Authenticate customers

somu muthaiah

Joined: Feb 10, 2010
Posts: 3

Am basically new to Struts 2. I have a complex situation here..If you guys can help me it would be great !! :rolleyes:

I have a client server Application. below is the actual scenario.

The application is not signing authenticated customers out of the application when the "x" is clicked in the top right of the browser to close the browser. If customer "A" authenticates in the app and then closes the browser using the "x" and then customer "B" navigates to the application on the same computer, the application is automatically authenticating and treating customer "B" as if they were customer "A" . The application needs to be fixed so that anytime the “x” on the browser is used to close it, all authenticated information is cleared from memory.

I tried to capture the window close event by using onUnload event but to my dismay the function triggers when the page is refreshed or navigated. Tried to capture by mouse posistion but again dosent work when it is closed by "Alt F4" or the window size is small..

Will Token-Session interceptor of struts2 be useful to solve this issue as it stops multiple request from same session. please help me out guys, am totally confused? :confused:

"Cheers" - Soms
Ankit Garg

Joined: Aug 03, 2008
Posts: 9465

When you said that you press of the "x" (close) button did you mean the browser or tab?? If you close the browser window completely, the session cookie is deleted from the browser (by default the JSESSIONID cookie's life is -1 i.e. till the browser window is open). This question has been asked before like here. Token session won't be of much help as its only useful to prevent double submission of a form...

SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
somu muthaiah

Joined: Feb 10, 2010
Posts: 3
Thanks Ankit for your reply !

In case of Firefox, if we open two browser windows simultaneously and sign in to the application in one window, the cookies are getting shared with the other window also. so closing the particular window (with 'x') alone will not delete the JSESSIONID and so the problem persists as the cookie is alive in the other window

In case of IE, I meant when we close the Tab, the problem occurs.

And It would be really helpful if you could elaborate why token session will not be a good hand here?.

And Is there any other way to solve this other than using onUnload to capture the close event as it has its own set of drawbacks.??
somu muthaiah

Joined: Feb 10, 2010
Posts: 3
Any Help guys ??
David Newton

Joined: Sep 29, 2008
Posts: 12617

This has nothing to do with Struts--this is just how browsers work.
I agree. Here's the link:
subject: Application Not signing out Authenticate customers
It's not a secret anymore!