Home / Interacial bisexual sex chat sites / Invalidating session on window close

Invalidating session on window close

If you can capture a closure event, then that's good. two minutes) and have some Javascript running in the background of the page to do some regular hidden "keep-alive" activity with the server (e.g.

every 90 seconds) as long as the corresponding tab/window is open.

If the last activity was more than X minutes ago, consider the session expired and explicitly expire the session cookie by setting an expiration time far back.

Setting a cookie expiration time far back in the past (1971-01-01 for example) will tell the client it can garbage collect the session cookie, while still making sure you do the actual expiring on the server side.

This should be done by server-side check: On each (valid) request, store the request time in/for this session.

Whenever a subsequent request is made, check the current time against the previous request time.

What is usually done is: From your question, I suppose that you would like the browser "closure" to act like a logout button.No way is guaranteed to work (across all major browsers and their different versions).Your connection could be dropped, or power go down which would make any 'on Close' event unreliable.I need to find a way to invalidate the session when the user closes the browser.We are currently calling a servlet from a javascript function that is called via the onunload function.While this approach will work in a simple scenario a couple of points should be addressed before you begin implementation. Otherwise maintenance of hundreds or thousands of connections via polling will do more harm than good.This week's book giveaways are in the Scala and Android forums.You can try to time out sessions after a certain amount of inactivity.However there is no guarantee that a user hasn't just gone to lunch and wants an open session when they return.I have been looking at the pages of the banks and seems to works ok, so I suposse there will be a way to face this.Maybe the ICEfaces developers could clarificate how to face this kind of stuff. The server will invalidate your session anyway after X minutes of inactivity.

44 comments

  1. Session id destroy when browser or tab is closed. Since there is no ongoing session to be dropped. Window close or tab close event in jsp & servlet. 2.

  2. Invalidating session is done in page. What would happen to my session if I close the browser window wihtout logging out from my web application?

Leave a Reply

Your email address will not be published. Required fields are marked *

*