Force end of session when user closes window without logging out

I want to protect sensitive employee data. Does anyone know how to force a user's portal session to be terminated after a user closes a window with the "X" instead of logging out?

A web application is connectionless, so there is no way to tell if a user has disconnected. If the user diligently logs out, then invalidating a session is no problem. However, if you wish to invalidate the user upon closing of the window, I suggest you drop that idea and change to a different approach.
1. If you are trying to impose a single logon policy, you may consider invalidating an existing session if the same user logs in again.
2. If you really need to invalidate a user session as soon as he is inactive (or closes the window), I suggest you set a very small timeout interval (maybe 3 minutes). Then for all the pages, implement a simple invisible IFRAME that will keep refreshing itself (say every 2 minutes) on a dummy JSP/servlet URL. The fact that this IFRAME always hits the URL at 2-minute intervals will keep the user session valid. Once the browser window is closed, the session will be invalidated in at most 3 minutes.
The final suggestion is to drop that idea altogether. The point is that implementing such a feature is like twisting a web application to do something that it is not designed to do naturally.
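
The two suggestions in the answer above (replace the old session on a new login, and a short idle timeout kept alive by a heartbeat) modelled as server-side logic. This is an added example, not code from the original post; `SessionRegistry`, its methods and the user names are hypothetical, and the clock is injected so the scenario runs without waiting.

```javascript
// Added example: models the server side of "short idle timeout + heartbeat"
// together with a replace-on-login single-session policy.
// SessionRegistry and its method names are hypothetical.
const { randomBytes } = require('crypto');

class SessionRegistry {
  constructor({ idleTimeoutMs, now = Date.now }) {
    this.idleTimeoutMs = idleTimeoutMs;
    this.now = now;           // injectable clock so the demo needs no real waiting
    this.byId = new Map();    // sessionId -> { user, lastSeen }
    this.byUser = new Map();  // user -> sessionId (the "logged in" flag)
  }

  // Single-logon policy: a new login replaces the user's previous session
  // instead of being refused, so a closed window cannot lock the user out.
  login(user) {
    const previous = this.byUser.get(user);
    if (previous !== undefined) this.byId.delete(previous);
    const id = randomBytes(16).toString('hex'); // unguessable session id
    this.byId.set(id, { user, lastSeen: this.now() });
    this.byUser.set(user, id);
    return id;
  }

  // Called for every real request and for every heartbeat from the hidden frame.
  touch(id) {
    const s = this.byId.get(id);
    if (!s) return false;
    if (this.now() - s.lastSeen > this.idleTimeoutMs) {
      this.destroy(id);       // expired: the heartbeat stopped too long ago
      return false;
    }
    s.lastSeen = this.now();
    return true;
  }

  destroy(id) {
    const s = this.byId.get(id);
    if (!s) return;
    this.byId.delete(id);
    if (this.byUser.get(s.user) === id) this.byUser.delete(s.user);
  }

  // Periodic sweep: clears stale sessions even when no further request arrives.
  sweep() {
    let removed = 0;
    for (const [id, s] of this.byId) {
      if (this.now() - s.lastSeen > this.idleTimeoutMs) {
        this.destroy(id);
        removed++;
      }
    }
    return removed;
  }

  isLoggedIn(user) { return this.byUser.has(user); }
}

// Constructed scenario using the 3-minute timeout and 2-minute heartbeat above.
function heartbeatDemo() {
  const MIN = 60 * 1000;
  let t = 0;
  const reg = new SessionRegistry({ idleTimeoutMs: 3 * MIN, now: () => t });

  const alice = reg.login('alice');
  let aliveWhileOpen = true;
  for (let i = 0; i < 5; i++) {          // window open: five heartbeats
    t += 2 * MIN;
    aliveWhileOpen = aliveWhileOpen && reg.touch(alice);
  }
  t += 3 * MIN + 1;                      // window closed: heartbeats stop
  const swept = reg.sweep();
  const aliveAfterClose = reg.touch(alice);

  const bobOld = reg.login('bob');       // bob closes the window without logout
  t += 1 * MIN;
  const bobNew = reg.login('bob');       // and logs in again a minute later
  return {
    aliveWhileOpen, swept, aliveAfterClose,
    aliceLoggedIn: reg.isLoggedIn('alice'),
    oldBobValid: reg.touch(bobOld),
    newBobValid: reg.touch(bobNew),
  };
}

console.log(heartbeatDemo());
```

The sweep is what clears the "logged in" flag when no further request ever arrives; without it a stale entry survives until something touches it.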

Similar Messages

  • Ending session when user closes window w/o logging out

    Hi,
    I tried looking everywhere for a solution to this problem and was unable to find one. I'm running tomcat 4.0.5 on win2k and am trying to prevent multiple user logging capability, but the listeners that I implemented for the session can only detect the creation of the session, and the destruction after the pre-set session invalidation time. So if the user closes the window 15 minutes into the session, the server still has the flag for "logged in" in place and the user cannot log in for the remainder of the session time (which is another 15 minutes).
    Can anyone please help me with this problem?
    Thank you very much,
    Lior

    How can I do that? Do you have any code I could take a look at. Thanks a lot.

  • When I close window with multiple tabs and start new session (open new window) old tabs open again, how can I stop it?

    when i close window with multiple tabs and start new session (open new window) old tabs open again, how can i stop it?

    It is possible that there is a problem with the files sessionstore.js (http://kb.mozillazine.org/sessionstore.js) and sessionstore.bak in the Profile Folder (http://kb.mozillazine.org/Profile_folder_-_Firefox).
    Delete sessionstore.js and sessionstore.bak in the Profile Folder.
    * Help > Troubleshooting Information > Profile Directory: Open Containing Folder
    If you see files sessionstore-##.js with a number in the left part of the name like sessionstore-1.js then delete those as well.
    Deleting sessionstore.js will cause App Tabs and Tab Groups to get lost, so you will have to create them again (make a note).
    See:
    * http://kb.mozillazine.org/Session_Restore

  • [SOLVED] Disconnecting session when client close browser's window or tab

    Hello,
    I'm looking to disconnect my database session and invalidate the session with the "onunload" af:document function. I think that it is the same as the "onunload" in the "body" html tag.
    I see some documentation about that, for example:
    http://www.oracle.com/technology/products/jdev/htdocs/partners/addins/exchange/jsf/doc/tagdoc/core/document.html
    and I see that it is possible to put an EL Expression, so I try with this:
    <f:view>
    <af:document binding="#{backing_user.document_user}" id="document_user" onunload="#{backing_user.logout}">
    <af:form binding="#{backing_user.form_user}" id="form_user"/>
    </af:document>
    </f:view>
    and it does not work, so then I try:
    <f:view>
    <af:document binding="#{backing_user.document_user}" id="document_user" onunload="return logout_function()">
    <af:form binding="#{backing_user.form_user}" id="form_user"/>
    </af:document>
    </f:view>
    and like this, I tried a lot of combinations, with no result. I took my time searching in various browsers but, surprisingly, I found not much information about this (rare, I think it is a very interesting matter).
    What is the way to enable this functionality?
    Thanks,
    Westh
    Edit: obviously, logout_function() is a correct javascript function :P

    Hello,
    I resolved my problem. Now I am going to describe the steps in a little tutorial.
    Remember that this is a very basic tutorial that only allows you to do this, but not in depth. See the links at the bottom for more information.
    List of steps:
    1) Download Shale framework from http://shale.apache.org/index.html#download
    2) Import all .jar libraries in your application.
    3) Open your web.xml file and add this:
    <context-param>
        <param-name>org.apache.shale.remoting.DYNAMIC_RESOURCES</param-name>
        <param-value>/dynamic/*:org.apache.shale.remoting.impl.MethodBindingProcessor</param-value>
    </context-param>
    4) Consider this:
    4.1) Managed bean --> userBean.java that has this method:
    public void logout () {
        /* Your logout code */
    }
    and this name in faces-config.xml:
    <managed-bean>
        <managed-bean-name>userBeanId</managed-bean-name>
        <managed-bean-class>userBean</managed-bean-class>
        <managed-bean-scope>session</managed-bean-scope>
    </managed-bean>
    4.2) JSP Page --> home.jsp that has this code:
    A client listener:
    <af:clientListener method="unloadEvent" type="load"/>
    and these javascript functions:
    <f:verbatim>
    <script type="text/javascript">
    // Called on page load: registers the handler that runs when the window or tab closes
    function unloadEvent () {
        window.onunload = function () {
            processUnload();
        };
    }
    // Sends a synchronous request to the logout method of the managed bean
    function processUnload () {
        var httpRequest;
        if (window.XMLHttpRequest) {
            httpRequest = new XMLHttpRequest();
            // overrideMimeType does not exist on the ActiveX object, so check first
            if (httpRequest.overrideMimeType) {
                httpRequest.overrideMimeType('text/xml');
            }
        } else if (window.ActiveXObject) {
            httpRequest = new ActiveXObject("Microsoft.XMLHTTP");
        }
        httpRequest.onreadystatechange = function() { alertContents(httpRequest); };
        httpRequest.open('GET', 'dynamic/userBeanId/logout.faces', false);
        httpRequest.send('');
    }
    // Reports a failed logout request
    function alertContents(httpRequest) {
        if (httpRequest.readyState == 4) {
            if (httpRequest.status != 200) {
                alert('There was a problem with the request. Http code: ' + httpRequest.status);
            }
        }
    }
    </script>
    </f:verbatim>
    Assuming the suffix '.faces' is mapped to the JSF servlet.
    With this, you are able to access the logout method of userBean (using ajax) when the client closes the window or tab. No servlets, no 'logout.jsp' pages, etc; and the most important thing: the code is never repeated! It's funny :)
    Westh
    Resources:
    http://thepeninsulasedge.com/blog/2007/06/22/adf-faces-rc-more-on-javascript/
    http://thepeninsulasedge.com/frank_nimphius/adf-faces-rich-client-javascript-programming/
    http://www.oracle.com/technology/products/adf/adffaces/11/doc/multiproject/adf-richclient-api/tagdoc/af_clientListener.html
    http://shale.apache.org/shale-remoting/apidocs/org/apache/shale/remoting/package-summary.html
    http://shale.apache.org/shale-remoting/index.html

  • Ending a session on browser close only (firefox)

    I'm trying to end a user's session when they close the browser, because they never logout properly.
    I need to change a value in the db after they close the browser only.
    <script type="text/javascript">
    var clicked = false;
    var xmlHttp;
    var browser = navigator.appName;
    // Sends the logout request when the page goes away without a link having been clicked
    function CheckBrowser() {
        if (clicked == false) {
            xmlHttp = GetXmlHttpObject();
            xmlHttp.open("GET", "../LogOut.aspx", true);
            xmlHttp.onreadystatechange = function () {
                if (xmlHttp.readyState == 4) {
                    //alert(xmlhttp.responseText)
                }
            };
            xmlHttp.send(null);
            if (browser == "Netscape") {
                alert("Nog een fijne dag.");
            }
        }
        else {
            //alert("Redirected");
            clicked = false;
        }
    }
    // Returns an XMLHttpRequest object, falling back to ActiveX on old Internet Explorer
    function GetXmlHttpObject() {
        var xmlHttp = null;
        try {
            // Firefox, Opera 8.0+, Safari
            xmlHttp = new XMLHttpRequest();
        }
        catch (e) {
            //Internet Explorer
            try {
                xmlHttp = new ActiveXObject("Msxml2.XMLHTTP");
            }
            catch (e) {
                xmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
            }
        }
        return xmlHttp;
    }
    </script>
    That works for every browser except firefox.
    Please help me with this.
    Grant

    Hi MrFunktastic,
    This is not the right forum for your question, the
    javascript section of ASP.NET forums may provide you more help.
    Thank you!

  • How to capture when user closes browser

    I am implementing a scenario where I need to reset login status in the database to false when a user closes browser without logout. I am at fix, how do I do that? With the java script solution, it's browser dependent and may not work with all browsers. With java sessionListener, the sessionDestroyed() method is never called when browser is closed.
    Please help... how can I capture the browser closing event? My application is running on Websphere and integrated with active directory for authentication and authorization.
    Thanks in advance......

    SoulTech2012 wrote:
    > what about HttpSessionBindingListener?
    > javascript solution doesn't sound good to me
    "hack" was chosen for that reason. Currently, there are no real good solutions for this. The browser runs autonomously from the server so there is not a lot that can be done. HttpSessionBindingListener is intriguing but I bet when the browser is x'd out of there is nothing sent to listen to.
    The first reply "reasonable timeouts" is the most relied on solution. All others are a lot of work for iffy pay back at best. This is one of the issues that has forced me into rather strict no session solutions.

  • Invalidate session when user clicks back button

    I want to invalidate the session when user clicks back button, so that user cannot refresh and reload a page.
    Any suggestions will be highly appreciated.
    Message was edited by:
    sam_amc

    /*
     * SessionInvalidator.java
     *
     * Created on October 27, 2006, 9:18 AM
     */
    package web;

    import java.io.*;
    import java.net.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    /**
     * @author javious
     * @version
     */
    public class SessionInvalidator extends HttpServlet {
        /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
         * @param request servlet request
         * @param response servlet response
         */
        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            PrintWriter out = response.getWriter();
            String reposted = request.getParameter("reposted");
            if("true".equals(reposted))
            {
                HttpSession session = request.getSession(false);
                if(session == null)
                {
                    // This is step 4 and beyond
                    out.println("<html>");
                    out.println("<head>");
                    out.println("<title>Servlet SessionInvalidator</title>");
                    out.println("</head>");
                    out.println("<body>");
                    out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                    out.println("I said, your session is now invalid! Now where are those Duke Dollars at?");
                    out.println("</body>");
                    out.println("</html>");
                }
                else
                {
                    Integer hitCount = (Integer)session.getAttribute("hitCount");
                    if(hitCount == null)
                    {
                        // This is step 2 (the "good" - "stay" page.)
                        out.println("<html>");
                        out.println("<head>");
                        out.println("<title>Servlet SessionInvalidator</title>");
                        out.println("</head>");
                        out.println("<body>");
                        out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                        out.println("Your session is good.<br>");
                        out.println("If you click the browser's back button, you will invalidate your session.");
                        out.println("</body>");
                        out.println("</html>");
                        hitCount = 1;
                        session.setAttribute("hitCount", hitCount);
                    }
                    else
                    {
                        //We've used up our good visit
                        session.invalidate();
                        // This is step 3
                        out.println("<html>");
                        out.println("<head>");
                        out.println("<title>Servlet SessionInvalidator</title>");
                        out.println("</head>");
                        out.println("<body>");
                        out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                        out.println("Your session is now invalid");
                        out.println("</body>");
                        out.println("</html>");
                    }
                }
            }
            else
            {
                // because the javascript in the following output will never allow a user
                // to continue clicking back any further than this, we can safely create the session.
                // (or perhaps the session can already be created here and this may not be necessary).
                // A problem lies where if the user chooses to "select" a page back in history they thereby
                // potentially skip back "over" this functionality, thus defeating the purpose of it.
                request.getSession(true);
                // This is step 1 (indirection)
                out.println("<html>");
                out.println("<head>");
                out.println("<title>Servlet SessionInvalidator</title>");
                out.println("</head>");
                out.println("<body onload=\"document.getElementById('invalidatorForm').submit()\">");
                out.println("<h1>Servlet SessionInvalidator at " + request.getContextPath () + "</h1>");
                out.println("<form id=\"invalidatorForm\" action=\"SessionInvalidator\" method=\"POST\">");
                out.println("<input type=\"hidden\" name=\"reposted\" value=\"true\">");
                out.println("</form>");
                out.println("</body>");
                out.println("</html>");
            }
            out.close();
        }

        // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
        /** Handles the HTTP <code>GET</code> method.
         * @param request servlet request
         * @param response servlet response
         */
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
            processRequest(request, response);
        }

        /** Handles the HTTP <code>POST</code> method.
         * @param request servlet request
         * @param response servlet response
         */
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
            processRequest(request, response);
        }

        /** Returns a short description of the servlet.
         */
        public String getServletInfo() {
            return "Short description";
        }
        // </editor-fold>
    }
    The problem with even attempting to do this is that with today's browser capabilities, users can optionally choose to jump to a particular page in the browser history and this may not necessarily be the most recent page. In this case, you would also want to invalidate the user's session after already having been there (whatever page that may be). Then you have situations when the user may wish to jump back in history to external pages they were visiting before they reached your own site's pages. Then what happens when they start clicking forward, forward, etc... from there? This is why I prefer writing Swing Clients as alternatives to browser applications. There are so many possible ways to break web applications made for standard web browsers both maliciously and simply by accident or irregular user patterns. Regardless, this servlet would work based on the assumption that all the user(s) would "ever" do aside from moving logically forward is clicking on the browser's "back" button.
    cheers!
    Message was edited by:
    javious

  • Call JavaScript when user closes browser containing webcenter

    Hi
    Scenario:
    1. Webcenter is opened in a browser.
    2. User closes the browser
    Requirement:
    - When user closes browser containing webcenter, a java script (or a servlet) should get called.
    As you know, we can call a script in 'onunload()' of body tag.
    But how do we call it with webcenter?
    Thanks.
    Edited by: 873687 on Dec 14, 2011 5:34 AM

    Here are a few links that I found for the JavaScript side you might play around with.
    http://developer.irt.org/script/1230.htm
    http://www.webreference.com/js/tutorial1/reference.html
    http://www.experts-exchange.com/Web/Web_Languages/JavaScript/Q_20953676.html
    http://www.devguru.com/Technologies/ecmascript/quickref/window.html
    And two in German
    http://www.uni-magdeburg.de/service/www/books/muenz/javascript/objekte/window.htm
    http://www.exine.de/clientseitig/js_work_events.htm

  • Safari quits when I close window!!!

    Safari quits when i close any window since tiger installation

    Try this link:
    marrakechprod, "Safari quits when I close window....", 06:00pm Jun 16, 2005 CDT

  • Switching Users without Logging out on Snow Leopard

    I want to be able to move from one account to another without logging out of either account. However, when I go to system preferences and click the button for show fast user switching, nothing happens, and when I go back into system preferences it is no longer checked.
    How do I do this?

    The option is grayed out and can't be changed until you click the lock and enter an admin password.

  • Force code execute when user closes OOB lightswitch app using the windows close red X

    I've created a lightswitch app using Forms Authentication.  If the user closes the application using the window close red 'X', I need to update a custom user profile table.  Is this possible?

    I use this code and it works!
    I handle the closing event of the user and I break it, execute my code and after that close the application.
    Below you see the code that I use in my application.vb :
    Public Class Uscita
        ' Declares an event for the class
        Public Event Event1()
        ' Defines a method to raise the event
        Sub CausaEvento()
            RaiseEvent Event1()
        End Sub
    End Class
    Protected Sub EsceAPP()
        Dim Obj As New Uscita
        AddHandler Obj.Event1, AddressOf Me.EventoUscita
        ' Triggers the event
        Obj.CausaEvento()
    End Sub
    Sub Eventouscita()
        Dispatchers.Main.BeginInvoke(Sub()
            RemoveHandler _mainWindowClose.Closing, AddressOf MainWindow_Closing
            System.Windows.Application.Current.MainWindow.Close()
        End Sub)
    End Sub
    Private Sub Application_loggedin()
        Try
            Dispatchers.Main.BeginInvoke(Sub()
                _mainWindowClose = System.Windows.Application.Current.MainWindow
                AddHandler _mainWindowClose.Closing, AddressOf MainWindow_Closing
            End Sub)
        Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub
    Private Sub MainWindow_Closing(ByVal sender As Object, ByVal e As ClosingEventArgs)
        If MessageBox.Show("Vuoi Veramente uscire?", "Conferma", MessageBoxOption.OkCancel) = Windows.MessageBoxResult.Cancel Then
            'Cancels the user's exit
            e.Cancel = True
        Else
            'Temporarily interrupts the user's exit in order to update the logged-in users table
            e.Cancel = True
            'Updates the logged-in users table and exits the application
            Me.Details.Dispatcher.BeginInvoke(Sub()
                Dim ws = CreateDataWorkspace()
                Dim query = ws.ApplicationData.UtentiLoggatis.Where(Function(c) c.UserName = Me.User.FullName).FirstOrDefault
                query.OnLineImage = MyImageHelper.GetImageByName("RedLight.png")
                query.OnLIne = "OFF"
                query.Logout = Now
                ws.ApplicationData.SaveChanges()
                'Calls the routine to exit the application
                EsceAPP()
            End Sub)
        End If
    End Sub

  • Dynpro application: how to perform some  code when user click window close

    Hello,
    I'm developing a dynpro application. This application needs to perform some code when exiting.
    I can do that with MODULE xxxxx AT EXIT-COMMAND. But this code can't be performed when the user of the application clicks on the button closing the window (classic R/3 window, not pop-up).
    Does anybody know how to bind some code to clicking on the button closing the window?
    Best regards,
    Josef Motl

    As far as the prompt that you get when you close the last window is coming from the counter that SAP maintains regarding the number of open sessions (windows). When this counter reaches 1, I guess they have a check to issue a prompt. There was a discussion in this forum a long time back regarding how we can know that session id like SM04. There was no conclusion reached then. Theoretically, let us say you know this id for the session in which the user opened a particular page, then you can see if that session is deleted and then take the necessary action. There are some TH_* function modules that seem to be promising, but I was not able to conclusively achieve the control over a particular session.
    See if you can look at SM04 and get an idea. Please do let us know if you find the solution.
    Srinivas

  • How do i end a sub vi when the close window control is clicked?

    Hi,
    I have a sub vi that sits in a while loop until a 'Done' button is pressed but sometimes the user clicks on the close window control in the top left of the window (MacOS) instead.
    After this has happened I would like control to return to the calling vi but it's as though the sub vi is still waiting for someone to click on the done button and the any user actions in the calling vi are ignored.
    How do I wire the close window into my program so as clicking on either it or the Done button will end the sub vi and pass control back to the calling vi?
    Thanks,
    Dave.

    The "event structure" can capture events for "this VI" that include "panel close". If you are using an event structure to look for the push of the Done button, just add another event that will catch the panel close as well (you can even configure the structure to not pass on the close event). If you are not using the event structure to watch for the done button, perhaps you should. If you cannot use it in the same loop, you can put it in a parallel loop and use any of several signaling mechanisms to communicate between the loops.

  • How to close a session when user clicks Logout

    In my jsp page I create a session for every user's name.
    When a particular user clicks logout without closing his personal page,
    the others can access his page.
    So, how to close a session when the user clicks the logout link?
    Similarly, when a user signs in on one system, he should not be able to sign in on another system. But how can we achieve this?
    Thanks in Advance

    What is the name of the session variable that you are creating on login? When he clicks logout, set that session variable to null. Like session.setAttribute("userName",null); and check for non-null condition before proceeding with any functionality in your jsp's.
    What is the second question? You want to prevent duplicate logins from different systems? You would have to maintain a static data structure like a HashMap for instance. Every time a user logs in, put an entry into the HashMap...like userMap.put("userName","userName"); If an entry already exists, throw a message saying that user already logged in from another machine...

  • Forcing End Of Sessions

    Hi,
    I am attempting to implement Session management functionality that will allow Administrators to view and if necessary end a User's or a given set of Users HTTP Sessions forcing them to re-logon. I am considering using HttpSession.invalidate() to end the sessions. This is fine so long as the user is not in the middle of a request but if in the middle of a request I am concerned that it will cause some nasty errors.
    Is there a better way of safely ending sessions and if a session is invalidated mid request will this end the request?
    Thanks in advance for any info or suggestions.
    Jim

    Hi,
    Thanks for that. I originally thought that invalidating the sessions was the neatest solution but based on the fact that it will kill any requests in midstream (probably not ideal for what I am doing) I think I will just update the User's session to indicate that they should re-logon. If the User executes another request they will be automatically re-directed to logoff/re-logon.
    Thanks again for your help.
    Jim
    "KP" <[email protected]> wrote:
    > Hi Jim
    > Your concern about "in the middle of a request" is correct and chances of IllegalStateException generation is high. But if think, you must do it, catch this exception and redirect user to login page.
    > Cheers
    > KP
    >
    > "Jim Donnelly" <[email protected]> wrote:
    >> Hi,
    >>
    >> I am attempting to implement Session management functionality that will allow Administrators to view and if necessary end a User's or a given set of Users HTTP Sessions forcing them to re-logon. I am considering using HttpSession.invalidate() to end the sessions. This is fine so long as the user is not in the middle of a request but if in the middle of a request I am concerned that it will cause some nasty errors.
    >>
    >> Is there a better way of safely ending sessions and if a session is invalidated mid request will this end the request?
    >>
    >> Thanks in advance for any info or suggestions.
    >>
    >> Jim
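
The approach settled on in the thread above (mark the session for re-logon and redirect on the next request, instead of invalidating under a running request) modelled as a request gate. This is an added example, not code from the thread; `RelogonGate`, the `/login` path and the session ids are hypothetical, and deferring the actual teardown until in-flight requests have drained goes one step beyond what the posts describe.

```javascript
// Added example: administrator-forced re-logon that never destroys a session
// underneath a request that is still running. All names are hypothetical.
class RelogonGate {
  constructor() {
    this.sessions = new Map(); // sessionId -> { user, inFlight, relogon }
  }

  create(id, user) {
    this.sessions.set(id, { user, inFlight: 0, relogon: false });
  }

  // Admin action: only marks the sessions of the given users, destroys nothing.
  forceRelogon(users) {
    const wanted = new Set(users);
    let marked = 0;
    for (const s of this.sessions.values()) {
      if (wanted.has(s.user) && !s.relogon) {
        s.relogon = true;
        marked++;
      }
    }
    return marked;
  }

  // Start of every request (what a servlet filter would do before the chain).
  begin(id) {
    const s = this.sessions.get(id);
    if (!s) return { status: 302, location: '/login' };
    if (s.relogon) {
      this.destroyIfDrained(id, s);   // safe now only if nothing is running
      return { status: 302, location: '/login' };
    }
    s.inFlight++;
    return { status: 200 };
  }

  // End of every admitted request (the filter's finally block).
  end(id) {
    const s = this.sessions.get(id);
    if (!s) return;
    s.inFlight--;
    this.destroyIfDrained(id, s);
  }

  destroyIfDrained(id, s) {
    if (s.relogon && s.inFlight === 0) this.sessions.delete(id);
  }

  exists(id) { return this.sessions.has(id); }
}

// Constructed scenario: the admin acts while alice has a request in progress.
function relogonDemo() {
  const gate = new RelogonGate();
  gate.create('sess-alice', 'alice');
  gate.create('sess-bob', 'bob');

  const first = gate.begin('sess-alice');        // long request starts
  const marked = gate.forceRelogon(['alice']);   // admin forces re-logon
  const keptDuringRequest = gate.exists('sess-alice');
  const second = gate.begin('sess-alice');       // new request is redirected
  gate.end('sess-alice');                        // first request completes
  return {
    first: first.status,
    marked,
    keptDuringRequest,
    second: second.status,
    goneAfterDrain: !gate.exists('sess-alice'),
    bobUnaffected: gate.begin('sess-bob').status,
  };
}

console.log(relogonDemo());
```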
              
