Invalidating session on browser close coping with dating a married man
==== Incidentally, as a bit of a surprise to me, the following code and redirecting the user to the Open Document URL with a logon Token establishes two separate sessions.
Calling logoff() on the bo Session below will close out the first session, but doesn't effect the Open Document session at all.
People tend to forget that HTTP protocol is STATELESS.
So you don't have an open connection which is closed when the browser closes.
Once the user logs out of the application, it is very vital to invalidate the session. Memory utilization: Most of the times, username is not the only data stored in the Session object.
Stack Exchange network consists of 175 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
I need to find a way to invalidate the session when the user closes the browser.
There are also some other problems involved with timing user inactivity via Java Script on the client. Timer must be reset each time a user constitutes activity with the server to work reliably.
Let's say you set a timer in your browser on page load which will send a request to the server after X min of inactivity to invalidate the session. (e.g with each POST, GET or AJAX request send from the browser to a server) If you are worried about indicating people as offline you could do some polling in AJAX to keep sessions alive and destroy sessions that have not been used in longer than the poll interval. If your application will be used by a small group of people this might work for you.