• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Tim Cooke
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Rob Spoor
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
  • Scott Selikoff
  • Piet Souris
  • Jj Roberts
  • fred rosenberger

How to delete the server side sessions

Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I have a wireless application and it is accessed through ptg/rm gateway from a PDA browser. Oracle wireless AS gives default login page (when the application is accessed through ptg/rm gateway) and when user login, user information session might get stored in server side (I am not sure, if any one can pls clarify me on this also?).

Now i have a requirement, in which my application user should get 'logoff' button in each and every page of my application. When he clicks on this button the user information session should get invalidated, so that even if the user goes back to the application (using back button of the browser) he should not able to enter the application. (This is same as any std. login/logout page logic).

Invalidating the session which resides in client side is easy (By using session.invalide()), but how can i delete the session which resides on the server side??? Whether is it possible??
If yes then how can i do it.

Any help will be very usefull.

Thanks well in adavance.
Ranch Hand
Posts: 92
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

It appears that you have 2 possible scenarios that you will have to handle on the server side to destroy a session.

The first scenario is when the client clicks the "logoff" button. On the server side, you would get the HttpSession object from the request object and then call the invalidate() method on the HttpSession object. See the JavaDoc API documentation (http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSession.html).

The second scenario where the user exits the app without leaving the application in the expected manner of clicking the "logoff" button. This leaves your application not knowing if the user is still there or not (unless you have a short session timeout setting). You need to test many session timeout scenarios to see what will work and keep your server from running out of memory.

Regards & God Bless,
Tom Pridham
Coastal Software Solutions, Inc.
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic