why session not getting cleared after browser closed?

Question

I am keep getting output as below:

Inside AuthenticationFilter..
Inside Session!

why session not getting cleared after browser closed? I even kepted page session=false inside index.jsp too , but still not working.. Please someone look into below code and help me getting session cleared after browser window closed.

Below is the code:

index.jsp

<%@ page session="false" %>
<%

/* ServletContext context= getServletContext();
RequestDispatcher rd= context.getRequestDispatcher("/login");
rd.forward(request, response); */

response.sendRedirect("login");

%>

loginServlet

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Login servlet.
 */

@WebServlet("/login")
public final class LoginServlet extends HttpServlet {

    private HttpSession session = null;
    private RequestDispatcher rd = null;

    /**
     * Respond to a GET request for the content produced by
     * this servlet.
     *
     * @param request The servlet request we are processing
     * @param response The servlet response we are producing
     *
     * @exception IOException if an input/output error occurs
     * @exception ServletException if a servlet error occurs
     */
    @Override
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
      throws IOException, ServletException {

        System.out.println("Inside Login Servlet...");

        PrintWriter out = response.getWriter();
        out.print("<h3> This is login servlet poage ... </h3>");

    }
}

AuthenticationServlet

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;


@WebFilter("/*")
public class AuthenticationFilter implements Filter{

    private HttpSession session = null;

    public void init(FilterConfig arg0) throws ServletException {}  

    public void doFilter(ServletRequest req, ServletResponse resp,  
        FilterChain chain) throws IOException, ServletException {

        System.out.println("Inside AuthenticationFilter..");

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse)resp;

        session = request.getSession(false);
        if(session != null && !session.isNew()) {
            System.out.println("Inside Session!");
        } else {
            getAccessToken(request, response, chain);
            chain.doFilter(request, response);
        }

    }  

    public void destroy() {}  

    private void getAccessToken(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException {

        session = request.getSession();
        System.out.println("Created new  Session!");
    }

}

can anyone please advice me on above issue.. – Hari Jun 28 '17 at 17:13 — Hari, Jun 28 '17 at 17:13

score 0 · Answer 1 · answered Jun 28 '17 at 16:24

0

browsers cannot "clear" session variable. They have NO direct access to $_SESSION. They can either clear the session ID cookie, giving them a brand new empty session, or YOUR server-side code has to empty out $_SESSION

answered Jun 28 '17 at 16:24

Anshul Sharma

3,432
1
12
17

But session cookies has to get cleared after window closed, right? – Hari Jun 28 '17 at 16:31

score 0 · Answer 2 · answered Jun 28 '17 at 16:26

0

The session timeout is specified in web.xml. Session will be alive even if you close the browser. If you REALLY need to end it you make a request using javascript onbeforeunload method and call

session.invalidate();

answered Jun 28 '17 at 16:26

sebasm

156
10

score 0 · Answer 3 · answered Jun 28 '17 at 16:26

0

You cannot detect when the browser is closed server side. Do do this you'd have to write some javascript to detect the browser closing, and then make a request to your server to invalidate the session for that user with session.invalidate()

answered Jun 28 '17 at 16:26

Jamal H

934
7
23

score 0 · Answer 4 · answered Jun 28 '17 at 19:41

0

This code will invalidate session after 5 mins.

session.setMaxInactiveInterval(300); // 300 seconds

There is no server side solution to detect browser events.

If you still need to detect browser close, refer this thread for client-side solutions.

answered Jun 28 '17 at 19:41

Sundararaj Govindasamy

8,180
5
44
77

why session not getting cleared after browser closed?

4 Answers4