Destroy Session after closing the browser

Hello,
After a user has logged in , a session is started (in java based application)
The session is destroyed after user clicked :Log out
when the user forgets to logout and closes the browser immediately, the session still exists because when the user oepn the browser again and comes back to the site he/she is still logged in.

I want the session to be destroyed when the user closes the browser immediately.

Is there a way to destroy a session. ( I have seen ,when you open any banking website and
close the browser ,it  immediately logout from that session)

Best Regards
LOVINSINGHAsked:
Who is Participating?
 
siddagrlConnect With a Mentor Commented:
Read my second last paragraph as follows:

Similarly if user does not explicitly, closes the window, and open your site again, then the browser will not send the unique ID and you can deduce that it is a fresh request (then destroy the current session if present and show the login page to user)
0
 
LOVINSINGHAuthor Commented:
I need your help urgent. thanks in advance
0
 
selvolCommented:
http://mibew.org/forums/index.php?topic=383.0





<script type="text/javascript" language="javascript" src="${webimroot}/js/jquery.js"> </script>

.............................................

<script type="text/javascript">

jQuery(window).unload(function(){
	jQuery("a.closethread").trigger("click");
});

</script>

Open in new window

0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
Sathish David Kumar NArchitectCommented:
use HttpSessionListener
0
 
siddagrlCommented:
>> I want the session to be destroyed when the user closes the browser immediately.
This could be done (using the following code), but not advised as it is not reliable (and foolproof too) and does not work on all browsers!

You also need to take care whether to send the log out info to server or not because this will be called every time the form gets unloaded (back, next, refresh etc)
    This situation could be handled by taking a javascript variable (say var isLogout = true;) keeping default as true and setting it to false everytime if user navigates away from the page manually.

=======
<script language="javascript">
// call the following on "onload"
function logOutAndSleep()
{
   if (isLogout == "true")
   {
   delay = 2000; // mili-seconds

   // send log out info to server here.

   // keep browser busy till it sends the above info "asynchronously"
   // otherwise browser will exit immediately
   var start = new Date().getTime();
   while (new Date().getTime() < start + delay);
   }
}
=======

>> I have seen ,when you open any banking website and close the browser, it  immediately logout from that session
No, it does not immediately logs out, instead it ensures not to use the existing session information if user logs in again.


Instead I would advice you to generate a different unique ID (in javascript) for each request and send to server. and if user presses back / refresh button, you will get the same ID as in previous one and logs out the user immediately.

Similarly if user does not explicitly, closes the window, and open your site again, then the browser will not send the unique ID and you can deduce that it is a fresh request (and you can log out the user)

See the following also for more info:
http://stackoverflow.com/questions/665399
0
 
LOVINSINGHAuthor Commented:
thanks
0
 
siddagrlCommented:
if you use jQuery then you might want to try setting the async to "false" when sending the request (using ajax function) to server on unload!

See the following for more info.
http://stackoverflow.com/questions/1821625/ajax-request-with-jquery-on-page-unload
$(window).unload(function() {
        $.ajax({
            url: window.location.href,
            async: false,
            cache: false,
            type: "POST",
            data: {"logout", true}
        });
});

Open in new window

0
All Courses

From novice to tech pro — start learning today.