• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

log out is not happening properly

 
Ranch Hand
Posts: 37
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
this question is related to javaranch

i clicked on the close (x )button of web browser and after some time i opened the web browser again then i saw,my session is not logged out.

please give me the detail description of web browser(x) button and (logout) button of an application
what we do for both in the program so that application invalidate your session?
 
Greenhorn
Posts: 21
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Closing the browser will not necessarily log you out. It usually happens in Financial web sites due to tough security reason/policies.

When you click log out button on any website it invalidates the session and hence logs you out.

I am pretty sure you can find more precise answer by searching in javaranch forums or just google it.
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Not quite right.

It is a common mistake to confuse authorisation with session management. While authorisation (logins) are typically backed by the session, it is not mandatory and certainly not the case in some containers.

It can also be the case that invalidating the session does not log the user out. One example is Websphere, where container managed security is implemented using a separate encrypted cookie managed by the container. If your session expires (or is invalidated) but the security cookie is still valid, you will be given a new session.

Also, there is a difference between in-memory and persistent cookies. Again typically sessions are stored using in-memory cookies, so that closing the browser makes them go away. It is still possible to use persistent cookies, in which case closing the browser will not log you out, much like the JavaRanch cookie.
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic