5

I am trying to clear the HttpSession if the consumer close the browser window. I dont know how to do it, Please help me anyone

Thanks & Regards Chakri

chakri
  • 629
  • 3
  • 11
  • 21
  • Where is your session stored? in cookies? – Sandeeproop Jun 17 '14 at 09:36
  • I tried alot to solve this issue long back my dear bro :) see weather it helps. http://stackoverflow.com/questions/16272137/how-to-end-sessions-automatically-if-user-closes-the-browser/16272150#16272150 – Suresh Atta Jun 17 '14 at 09:45
  • @sᴜʀᴇsʜᴀᴛᴛᴀ, i know session.invalidate(); is clear the session data but i don't know how to detect consumer closed the browser or not ? – chakri Jun 17 '14 at 09:54

5 Answers5

2

If you could get the browser to (reliably) notify the server that the user had closed the window, then the server could call session.invalidate() as per the original Answer provided by ejay_francisco.

The difficulty is getting the notification to happen reliably. There are various ways to detect the window close; e.g. as covered by these Questions (and similar):

You could then write the (javascript) close event handler to send a specific request to the server.

However, I don't think any scheme is going to be able to deal with cases where the user's browser dies, the user's machine is shut down, and similar scenarios. So if you need the session to be cleared 100% of the time, then you are probably out of luck. I don't think it can be done.

Community
  • 1
  • 1
Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
1

It can be archived in a little diffrent way.

  1. use a javascript event known as "window.onbeforeunload"

    e.g window.onbeforeunload=mylogic_function(); function mylogic_function() { window.location.href = "path to the servlet which inavalidate the session"; }

  2. Have a dedicated servlet which job is only to deactivate the session

Try this ..hope this will work

Diptiranjan Sahoo
  • 11
  • 1
0

EDITED :

try reading the answer on this Page

"HTTP is not a continuous-conversation protocol where the client connects to the server and they trade information asynchronously until the client disconnects.

Instead, each HTTP client request acts like it logs in, does one thing, then logs out. This request/response cycle repeats until the client stops sending requests.

At NO time is the server allowed to send a response to the client unless it's in response to a specific actual request and only one response is permitted per request.

So you cannot have a server post a "you timed out" page to the client. The closest you can get is to respond with a "you were timed out" response page if/when the client makes a request.

The other common thing people want to do is to notify the server that the client has closed a browser, window, or tab. There is no protocol defined for the World Wide Web to deal with that. If the user closes a server window/tab, the server is not notified by the client. Since there is no ongoing session to be dropped (remember, the connection only lasts long enough for the server to accept a request and return a response), there's no way the server will know that the client went away."

SUMMARIZATION :

YOU CAN'T DO IT

Possible Workaround :

You simply need to rely upon the session timeout. The timeout could happen at any time and you cannot even know if the user is even looking at one of your pages when it occurs. It's likely they're off looking at videos of kittens at the time.

Yaje
  • 2,753
  • 18
  • 32
  • I think OP is asking how to get notifyed of the close event of user agent (client) on the server side. – A4L Jun 17 '14 at 09:41
  • That's fine, but a link as an answer is very much frowned upon in SO. That link can go dead. You need to provide an actual answer here and only use a link as a reference for further reading. – Gimby Jun 17 '14 at 09:48
  • @Gimby thanks for helping me improve my answer. lesson learned – Yaje Jun 17 '14 at 09:51
0

Short answer: you can't. Fortunately, sessions expire automatically after a period of time; check your servlet engine documentation to see how to set this timeout period.

I felt that there should be a way to do it from JavaScript; unfortunately, JavaScript doesn't seem to have an onWindowClose handler.

Girdhar Singh Rathore
  • 5,030
  • 7
  • 49
  • 67
-1

if you close the browser it is already clear the session

but if you want to force to clear the session

usesession.invalidate(); or if you want to remove specific session use session.removeAttribute("<sessionName>");

wrecklez
  • 343
  • 2
  • 4
  • Why was this answer downvoted? I use a similar approach. An attribute is null, then when someone logs in I set the attribute to the user name. If they try to log in again and name is != null, they arent allowed to log in again (for reasons to long to explain), but if they close the browser, the session ends, and attribute is again null for a new session that starts when they log in again. My beginner understanding is that servlet container is supposed to handle sessions "automagically" so as to let developer concentrate on business logic. – brat Apr 08 '20 at 14:32