All geek questions in one place

Invalid Session

I have an application based on the jsp servlet with a session time of 30 minutes, I want to cancel the session as soon as a person closes the browser window intentionally or accidentally (shutting down / closing OS / tast manager / powerdown)

Can I check on this and cancel the session?

+4
source share
4 answers

This scenario cannot be processed.

There are several browsers that provide this option as their preference, but you cannot handle this program.

Maximum:

You can poll from the page (there may be a headline) just like gtalk in gmail, as soon as the connection is closed, wipe this session.

+3
source

  • Why do you want to do this, you have already configured it on the server, that the session should remain inactive for 30 minutes, after which it will expire on the server.

  • if you want to do this, use the following javascript or jquery (better for a cross browser), when a view viewing event occurs, send an ajax request to cancel the session by running the following code in jsp ( request.getSession(false).setMaxInactiveInteral(0); )

    From javascript

     <body onbeforeunload="doAjaxCall();"> (or) jQuery(window).bind("beforeunload", function(){ // Do ajax request and dont wait for the response. });

  • You can implement ajax server polling, for example, think that the session will expire after another 2 seconds, send a request to the server side to the client to cancel the cookie, and on the server you can cancel the session.

 if ( (getcurrentTime() - session.getCreationTime()) > 2000 ) { }
  • While the page is displayed, get maxinactiveinterval, and then set the value for the JavaScript variable, then use the setInterval function, pass the inactiveinterval value for the function, as soon as the timeout occurs, you can set the expiration of the cookie.
+1
source

No. I don’t think that you can do this because the browser does not have hooks available to force it to send a disconnect notification (something like) when it closes, and I don’t think there is a server side mechanism for polling recent sessions to check their connection status.

0
source

If you use the tomcat 5.0 / 5.5 / 6.0 container, the cookie generated by the tomcat session manager for session tracking (JSESSIONID) is a cookie (browser-only cookie) instead of a persistent cookie (write to disk). This is because the session manager executes (hardcoded) setMaxAge (-1), so the generated HTTP response contains: Set-Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/ Set-Cookie: JSESSIONID=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/ and not Expire= date .

So, when the browser is closed (all browser windows or just a window containing a cookie, depending on the variuos browser versions), the cookie - and the session - are lost. [*]

This has nothing to do with <session-timeout> , which is a parameter that tells the tomcat server-side session manager to expire standby sessions for longer than specified.

[*] they will still be stored on the server-side drive until the session timeout, but there will be no request with the activation of their cookie.

0
source

Source: https://habr.com/ru/post/1335829/

More articles:


All Articles