How can we detect unused/inactive sessions (probably from a browser crash / Not logging out ) and remove those sessions. ? I am aware of the session time out feature, apart from that , do we have any better options ?
Let me guess... you want to run some code on the server which finds out which sessions are "inactive".
As you already said, the timeout period is the tool for cleaning up unused sessions. There is no way to find out, from the server, what the user of a session is doing now. They might be talking to a co-worker or checking Facebook or they might have turned off their computer, but you can't tell. That's why the timeout is there.
If the timeout is kept at some 5 minutes , and in an application which gets used by millions of users, there could be large of number of inactive/unused sessions (cases where the user might not come back to the session , like he closed the browser and went for a movie ). How can we prevent these kind of sessions getting piled up?
Well, as you already know, if you choose a 5-minute timeout period then the session is going to exist in your server until 5 minutes has passed without any request from the session's client. So what exactly is your question?
I Apologize for the repeated questions on the same topic, Actually i got this question on an interview and I replied with the mighty answer of session time out tool, but the "Guy" keep telling me there are other better ways .. His point was that starting from the 1st minute to the end of 4th minute there could be lots of unused sessions which might take lots of memory and slow down the application , so the question was to run something like a session cleanup code after 2.5 minutes and balance the memory usage. Any way Paul , bear thanks for the replies and accepted the session time out solution.
Oh, it was an interview question. Not a real-life question at all then.
I suppose if you did have this problem in real life, you could do something like randomly terminating sessions before they actually timed out. The majority of users wouldn't know whether the timeout period was 5 minutes or 4 minutes anyway, and they wouldn't have been keeping track in most cases. And for those who did want to complain, you would provide one of those phone services where they told the user "Your call is important to us" and then put them on hold for 25 minutes.
Maybe a long polling mechanism ( like comet ) can be used? You can check if the client is still there, or if any events in the browser itself are triggered...Of course you will have to use a lot of script, depending how much you want to check...
Polling can't be used as it defeats the entire purpose of this (rather silly) exercise. If the original question is centered around keeping the load on the server to a minimum, a highly expensive technique like Comet will make the situation far far worse.