Geek Answers Handbook

How to end sessions automatically if user closes browser

I need to end the session automatically when the user is inactive for a certain time, say within 10 minutes. We have a method in

HttpSession session=request.getSession(); session.setAttribute("User", au); session.setAttribute("name", firstname); response.sendRedirect("doLogin.jsp"); session.setMaxInterval();

but this will end the session, even if the user is active for 10 minutes. How to end a session when the user closes the browser?

+4
source share
6 answers

Avoid using manual code.

just in web.xml //this will applied for whole application

 <session-config> <session-timeout>10</session-timeout> </session-config>

Detecting browser close event and calling invalidate method

 if(session!=null) { session.invalidate(); }
+13
source

You can set the session time as shown below in ServletContextListener :

 session.setMaxInactiveInterval(15*60); //in seconds

This will give you the advantage that you can read the session timeout from any external file / property database and change the session timeout without changing the code.

You can use the unload event and send a request to exit to the server. Or continue to send periodic requests to the server, informing the user that they are still active.

+6
source

You need to set the session timeout, that is, the time after which the current Session object will be invalidated.

This can be done either by setting a timeout in your web.xml, for example:

 <session-config> <session-timeout>20</session-timeout> </session-config>

or programmatically call a Session object

 session.setMaxInactiveInterval(valueInSeconds);

Make sure that the session timeout period set in web.xml is in minutes and programmatically in seconds.

+2
source

It is not possible to install an intriguing server that the user is closing the browser. Therefore, sessions have a custom time interval. If you want to do this, try creating an onclose javascript event, and from there make an ajax call to establish a session close to the server. On the server, you can get the session identifier from this call as a parameter and kill it.

I have not tried. Do not think that is right.

+1
source

Question: How to end sessions automatically if the user closes the browser ?
Answer: Set the maximum inactive interval to a time value of less than 0.

Example:

 HttpSession session = request.getSession(); session.setMaxInactiveInterval(-1); session.setAttribute("User", au); response.sendRedirect("doLogin.jsp");
0
source

You can do this from the web configuration file. Sample here

  <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" stateNetworkTimeout="10" sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI" sqlCommandTimeout="30" customProvider="" cookieless="UseCookies" cookieName="ASP.NET_SessionId" timeout="10" allowCustomSqlDatabase="false" regenerateExpiredSessionId="true" partitionResolverType="" useHostingIdentity="true"> <providers> <clear /> </providers> </sessionState>

The timeout property will indicate the timeout period.

-1
source

More articles:


All Articles