Courses
Sections
Projects
Wiki
News
Forums
Surveys
Mailing Lists| Author | Message |
|---|---|
|
mrighetti
Posts: 20
|
Posted 12:12 Apr 20, 2011 |
Is there a way to destroy the HttpSession Object when the user closes the browser? Or is there a way to have the session invalidated without the user selecting the "Logout" Servlet besides setting the inactive interval to 0? |
|
cysun
Posts: 2935
|
Posted 12:14 Apr 20, 2011 |
You can use the method invalidate() in HttpSession to invalidate a session. Not sure if this is what you are asking though. |
|
mrighetti
Posts: 20
|
Posted 12:20 Apr 20, 2011 |
I was referring to a way to call that method without the user's input, i.e. the user closes the browser without logging off. |
|
cysun
Posts: 2935
|
Posted 12:30 Apr 20, 2011 |
As I said in class, a session can be dropped by either the client or the server, i.e. you don't have to do it on both sides. It's true that if the user closes the browser, the session is dropped, but the objects associated with the session will stay on the server until the session expires, which is a waste of server resources, and there's nothing can be done about it. In practice it's usually not a big deal though because the data associated with a session is usually not much. |
|
mrighetti
Posts: 20
|
Posted 13:41 Apr 20, 2011 |
Should we account for the instance of a user navigating away from the page but not closing their browser? That was the original scenario I meant to describe, but incorrectly said "close" versus "navigate away". |
|
cysun
Posts: 2935
|
Posted 15:59 Apr 20, 2011 |
In that case the user could still come back so the session should be kept (until it expires) and nothing needs to be done. |
