I keep a lot of resources associated with my sessions
so I need to kill the session as soon as possible
after the browser is closed. I use a small applet and
in it's destroy() method, I send back a message to the
servlet that contains the browser's session Id. The
servlet then invalidates that session.
It is fairly simple to implement and the applet is
small so it is not a great deal of overhead.
Nicholas
--- Rajendra Mishra <[EMAIL PROTECTED]> wrote:
> Hi Craig,
> Is this also true for any other cookies which we
> may write from the
> servlet? For exp, i have a servlet which writes a
> cookie. then through
> another servlet, this cookie is changed. However,
> this cokie is not saved in
> the file till the browser is closed(netscape only).
> The cookie-values which
> are passed to the server are the ones which were
> saved before the browser
> was opened(IE as well as Netscape) and not the new
> one.
> How can we update the cookies so that the new
> values are passed without
> killing the session?
> Raaj.
>
>
> ----- Original Message -----
> From: Craig R. McClanahan
> <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 21, 1999 8:30 PM
> Subject: Re: Expiry of session
>
>
> > Jean Bresse wrote:
> >
> > > Hi:
> > >
> > > I know that a session can be destroyed by
> invoking the invalidate()
> > > method. It can also be destroyed once a certain
> time has passed,
> > > usually 30 minutes. The problem is as follow:
> > >
> > > 1) User A starts a session, then closes his/her
> browser.
> > >
> > > 2) User B starts the invokes the same browser.
> > >
> > > Our environment wants to treat user B as a user
> with no session (for
> > > example, the user is prompted to log on, and
> only THEN a session is
> > > instantiated). Is there a way for the server to
> destroy the session
> > > upon the user closing the browser?
> > >
> > > If this is the right way to approach the
> problem, suggestions for
> > > solution are most welcome! If any of the above
> is incorrect, your input
> > > is even more appreciated!
> > >
> >
> > Most servlet containers configure their session ID
> cookies with the age
> value
> > that says "this cookie expires when the browser is
> closed" for precisely
> this
> > reason. In Java, you do this by calling
> Cookie.setMaxAge() with a
> negative
> > argument. Therefore, as soon as user A closes the
> browser (or it crashes
> on
> > them :-) and user B starts it, all the session
> cookies are gone.
> >
> > As a side effect (for Netscape at least) this
> setting causes the cookie to
> > never be written out to the cookies.txt file,
> since there is no reason to
> save
> > it. This reduces the risk of someone being able
> to snoop your hard disk,
> swipe
> > your session ID, and impersonate you.
> >
> > >
> > > Jean Bresse
> > >
> >
> > Craig McClanahan
> >
> >
>
___________________________________________________________________________
> > To unsubscribe, send email to
> [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives:
>
http://archives.java.sun.com/archives/servlet-interest.html
> > Resources:
>
http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html
> >
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED]
> and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives:
>
http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
>
http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html
>
=====
--
Nicholas Whitehead
Marketwide Software & Consulting Inc.
[EMAIL PROTECTED]
Home: 973 377 9335
Current Office: 212 559 9314
__________________________________________________
Do You Yahoo!?
Thousands of Stores. Millions of Products. All in one place.
Yahoo! Shopping: http://shopping.yahoo.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
