1

I am using java web application jsp/servlet. If the user closes the browser without logging out from a specific page, the session is not invalidated automatically:

  1. login to application
  2. go to specific page and copy that page url
  3. close the browser
  4. open again browser and paste the url that you have copied in 2nd step.

result: user can access same url expected: user must not access url once browser is closed.

kittykittybangbang
  • 2,380
  • 4
  • 16
  • 27
Girdhar Singh Rathore
  • 5,030
  • 7
  • 49
  • 67

1 Answers1

0
$(document).ready(function()
{
    $(window).bind("beforeunload", function() { 
        //Post to the server and close sessions
    });
});
Kram
  • 526
  • 5
  • 11
  • And that fires for reload, page navigation, etc. It does not fire when the browser crashes. – epascarello Jul 14 '15 at 15:48
  • Well this is the best I know.. For my knowledge, you can't do anything if your browser/ server/ client computer crash... – Kram Jul 14 '15 at 15:55
  • 1
    @Kram beforeunload is called on document reload, browser back and browser close event, so i think its not way to invalidate session on back and reload document too. – Girdhar Singh Rathore Jul 14 '15 at 16:39