Geek Answers Handbook

HTTP request from browser after session timeout

I have a user interface served by two HTTP servers. Therefore, I need to clear the HTTP session from both servers. This is easy to use in case of logout, but it is not clear how to do this in case of using session timeout.

Server-side notification is possible through the HttpSessionBindingListener Receive notification when restricting / limiting an HTTP session . But how can I notify the client site about this? I need to send a request from the browser to the second server in order to clear the session cookie on the second server, and therefore I cannot send the request from the server.

Added

One server is Tomcat 8, and the second is the Apache HTTPD server. I want to solve it with a UI callback (from Tomcat HTTP Servlet Server).

+8
session notifications
source share
2 answers

From the Apache HTTPD documentation (Apache):

Session Integration with External Applications

https://httpd.apache.org/docs/2.4/mod/mod_session.html#integration

  • You can write your own module, then you can use this module to delete sessions after Tomcat considers them to be one-time.
  • You can use a session database external to both Tomcat and Apache (for example, in MySQL), both servers will check users with it. Removing a session would simply require deleting the record from the database.
  • As a stand-alone application: as a state of documents, you must search for and access session files, split them and edit them. If Tomcat and Apache are on different machines, you may have an agent with a listener in the Apache field, and Tomcat will ask the agent to delete the session data.
  • Apache usually comes with PHP, and there are also databases. Both can have their own processing sessions.
+4
source

There are several approaches you can try.

  • As @ Kwebble already mentioned, for a Tomcat session timeout, you can call your Apache server and ask it to log out / not use the session.

  • If the timeout session is in Tomcat, the user interface will find out about it when it makes any request. Now, from the user interface, make a call to the Apache server to log out / cancel the session.

0
source

More articles:


All Articles