0

I have a requrement to destroy session after 30 seconds of tab/browser close and logout user. If new tab or new window access my website URL, after 30 second it should redirect to login page other wise dashboard should be shown.

There are many threads to similar problem but not getting perfect solution for spring mvc based application.

Suggestions from other threads:

"Session objects live in the server and are controlled by the server. Only the server can create or destroy sessions. So if the client is closed the session lives until it expires. The client can only suggest to the server that it can destroy some session. This request must be explicit somehow. Hence, when you close a browser window, there's no implicit request to the server informing that it must destroy a given session." "If you need the session to be destroyed when a browser window/tab is closed you might attach a JavaScript handler to the onunload event that makes some sort of AJAX call to a resource that call kill the session."

"Note that the onunload event does not always fire so it's not totally trustworthy. (Does not work with new chrome versions) One trusty way might be to use a "heartbeat" system."

Java:Why http session is not destroyed when tab or browser is closed?

Stop people having my website loaded on multiple tabs

Spring 4 STOMP Websockets Heartbeat

Can somebody suggest correct way for spring 4 based application?

Saurabh Kumar
  • 19
  • 1
  • 5
  • Well you have basically answered your own question. There is no "correct" way to do it. The best case is: you can create "mostly working" solution with some edge cases here and there. – Rafal G. Mar 01 '18 at 07:31
  • Did you find any possibly correct solution? It seems to me as that this is such recurring problem in all web that Spring MVC might have given a standard/recommended or the most preferred way to handle this. – Hima Jul 02 '18 at 06:16

0 Answers0