I would like to clear session when user closes browser window by clicking
the "x" in upper right hand corner. Since this is a client side event, how
do I run server code when user clicks "x"?
What i want to do is that i have to set a flag in the database for the user who is going to log out and in the current scenario
i have to handle that also ,if he/she clicks on "X" in the browser window then also flag should be set in the database.
There is actually one possible way that does generate an event on the server if the page is closed or navigated away from. That's Web Sockets. When the Web Socket closes (for whatever reason), the server gets an event that you can react upon. The reason is often known, but not always.
There are of course drawbacks as well. First, if the Web Socket is closed because of a networking issue while the page is still active, the server may have acted upon the closure. Second (and this is why I don't like Web Sockets), it doesn't scale. Unless I'm mistaken, a Web Socket session is bound to one single server. Even if you have a cluster of servers that include clustered HTTP session management, the Web Socket is still bound to one server. If that server goes down or something like that, the client loses its connection and the application needs to recover.
Can I run a method which updates the database when the session is invalidated?
I am calling my code and explicitly invalidate the session when the user logs out with the Logout button on my application.
I was wondering where to put the same database update code when the server invalidates the session automatically after some time?
I don't click "X" to close browser windows and tabs. I use Ctrl-W or Ctrl-Q.
The biggest problem with tracking what the user is doing (or not doing) in the browser is that HTTP is not a continuously-connected protocol and "login" doesn't mean quite what it does to time-share connections and the like.
Note that if a user turns off the computer and simply walks away from a web application, the session will remain on the server side until the timeout interval indicated in web.xml expires. Rebooting, however, will probably not get you that same session - it would depend on your browser cookie options (or a preserved URL rewrite). And the session is attached to its hash ID, so you could potentially have 2 sessions active for one client, though getting at both of them would be a challenge.
I would avoid keeping stuff in databases just hanging around for a session. Sometimes when you're building a workflow, it may be unavoidable, but preferably that sort of stuff should be kept in staging tables where they can be cleaned out automatically on schedule. For the rest, I think you can probably rely on HttpSessionListener.
Science is the process of replacing what we "know" with what is TRUE. Politics, alas, often prefers to be the opposite.
If you use HttpSession, you can use an HttpSessionListener to get notified when the session ends. You can then act on that. You can probably use the session's ServletContext to access anything you need, or perhaps some CDI injected beans.