-1

I have defined below rules for handling user session.

  • When user logs in sessioncreate() of HttpSessionListener will be called and will set user status as online in database.
  • When user logs out sessiondestroy() of HttpSessionListener will be called and will set user status as offline in database..
  • When user closes the browser/tab, make AJAX call on browser unload/some_other event to destroy the session.
  • Since we can not rely on browser events completely, use session_timeout on server side also. On Session timeout event, first make validation call from server to client and confirm if he/she is still available. If received acknowledgement from client, it means browser tab is still open. So we will not destroy the session.

Here in last rule, how to intercept the session destroy mechanism of spring ? How to skip session destroy if acknowledgement is received from client ?

Thanks,

Sandip Patel
  • 21
  • 7
  • Just to clarify, do you want to keep the session active as long as the browser is open? even if the user has not done any task on the screen? – Shankar Dec 24 '16 at 19:19
  • Yes session should be active. I have a requirement that user will be selected at random. So till then he will be waiting. – Sandip Patel Dec 25 '16 at 04:33
  • As you already sending some event on browser unload event, its fine to perform logout on server side by invalidating session as soon as ajax request come with some parameter like action='logout' and as safer side you can set maximum inactive time out by setting session.setMaxInactiveInterval(15*60);//inseconds – Jekin Kalariya Dec 25 '16 at 06:04
  • Here i am not using any ack sending from client to server at regular interval. It will consume some traffic. Instead i want to user server to client request for knowing status of client. If received some reply from client then will know that client is still open even if no activity. I do not want session to terminate except logout/browser close. – Sandip Patel Dec 25 '16 at 06:32

1 Answers1

0

Instead of reactivating the Session from the server after catching the Session timeout event, let me suggest a better way.

Since you want to keep the session active as long as the browser is open, even if user is not accessing (interacting) with the site, send an Ajax ping back the server from the page.

This answer is an example of that - https://stackoverflow.com/a/3877867/6352160

This will solve both the problems - Close sessions automatically when the user has closed the browser tab. Keep session active as long as the tab is open. I would still suggest you keep a Session variable as a counter and allow the session to be open only for a fixed time limit to avoid unnecessarily long running sessions.

Community
  • 1
  • 1
Shankar
  • 2,625
  • 3
  • 25
  • 49
  • Thanks but I dont want to send ajax ping from browser to server. That will consume lot of bandwidth for lacs of custmers using website. Instead I have chosen to confirm from client if he is still on website by asking for acknowledgement. – Sandip Patel Dec 27 '16 at 12:54
  • I am able to find part of my answer here. Can somebody extend it to prevent session destroy ? – Sandip Patel Jan 02 '17 at 07:58
  • Forgot to give link: http://stackoverflow.com/questions/3943368/invoke-method-just-before-session-expires – Sandip Patel Jan 02 '17 at 07:59