How to invalidate a session explicitly when a browser is closed

hi,
I am keeping the information of a logged-in user in a session when he logs in successfully. The session time is maintained for half an hour.
I am also storing his information in an application object.
When a user logs out I am invalidating the session, and his information is removed from the application object.
When a person is logged in and another person at another place tries to log in with the same username and password, I am making use of this application object to check whether anyone is logged in with that user id or not. If the id already exists in the application object I will not allow the second person to log in, and I will provide a relevant message: "already logged in with this ID".
But the problem arises when a person logs in and closes the browser (without logging in).
In this case the session is not invalidated, and his information remains in the session and application object.
When he tries to log in immediately after closing the browser, the same check is done for the duplicate login and a message is displayed to him saying "already logged in with this ID".
He has to wait till the session expires (i.e. till 30 min) and then log in.
As this creates a problem, I want to invalidate the session at the time when the browser is closed.
I tried the onUnLoad() method in JavaScript, but that method is called not only when closing the browser but also when a link is clicked or when the page is refreshed.
I am trying with cookies, but I am not getting a good approach as to how to go forward with this problem.
Anybody who can solve this, please reply soon or mail me.
It's very urgent.
Thanks
sowjanya

"2. Any business critical web site should not allow multiple users to work under same account at same time."
Not true. My customer's web site is "business critical" and they explicitly wanted to be able to login multiple times with the same ID. At least in this scenario we completely circumvent your problem.
The Javascript solution will never be 100%. What happens if their internet connection drops and doesn't come back? Suppose their OS crashes? What if their power goes out? What if IE crashes? What if JS is turned off? What if the user just walks away and leaves the browser open forever?
You may be trying to get too much control, which on the web always leads to failure. Maybe a better alternative would be to warn the user that is logging in the second time that there is an outstanding login and that the previous user will be logged out if he proceeds. Then, keep a record of the event in case someone is messing with other accounts (although, since he obviously knows the username and password it is probably a user concern.)
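
An added example, not code from this thread: one way to implement the reply's "warn, then log the previous user out and keep a record" suggestion with a servlet session listener, so a user who closed the browser can log in again at once and abandoned entries disappear at timeout. The class name, the `userId` attribute, the logger name and the single-JVM in-memory map are assumptions; it targets the javax.servlet API 3.0 or later.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.logging.Logger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical registry (not from the thread): one live session per user id, newest login wins. */
@WebListener
public class SingleLoginRegistry implements HttpSessionListener {
    private static final Logger AUDIT = Logger.getLogger("auth.audit"); // assumed logger name
    private static final String USER_ATTR = "userId";                   // assumed attribute name
    // userId -> session that currently owns the login (single JVM only)
    private static final ConcurrentMap<String, HttpSession> ACTIVE = new ConcurrentHashMap<>();

    /** Lets the login page warn that proceeding will end an outstanding login. */
    public static boolean hasOutstandingLogin(String userId) {
        return ACTIVE.containsKey(userId);
    }

    /** Call once the credentials are verified, passing the caller's post-login session. */
    public static void register(String userId, HttpSession fresh, String remoteAddr) {
        fresh.setAttribute(USER_ATTR, userId);
        HttpSession previous = ACTIVE.put(userId, fresh);
        if (previous == null || previous.getId().equals(fresh.getId())) {
            return; // first login, or the same session logging in again
        }
        // Keep a record of the takeover, as the reply suggests.
        AUDIT.warning("login for '" + userId + "' from " + remoteAddr + " displaced an earlier session");
        try {
            previous.invalidate(); // fires sessionDestroyed() for the old session
        } catch (IllegalStateException alreadyExpired) {
            // the old session timed out in the meantime; nothing left to end
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent event) { }

    /** Runs on logout, timeout and displacement, so an abandoned session frees the user id. */
    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession dead = event.getSession();
        Object userId = dead.getAttribute(USER_ATTR); // still readable here since Servlet 2.4
        if (userId != null) {
            // Drop the entry only if it still points at this session, so ending a
            // displaced session never logs out the session that replaced it.
            ACTIVE.computeIfPresent((String) userId,
                    (id, current) -> current.getId().equals(dead.getId()) ? null : current);
        }
    }
}
```

The login action would call `hasOutstandingLogin` to show the warning and `register` after the user confirms; the explicit logout path only needs `session.invalidate()`.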

Similar Messages

  • Persisting a session even when the browser is closed

    I want to persist a user session even when the browser is closed. How to do it through cookies? I know I define a cookie, set its max age and then put that in the response. But it's not working.
    I am using I.E.

    I am not sure if I am doing something wrong. The cookies are enabled, and I see that for IE 7, if I open a new tab the session is maintained, but if I open a new window (of I.E. 7) altogether then the session is not maintained. Interestingly, the code is working in Firefox. Is there some problem with I.E. only?

  • Destroy the session automatically when the browser is closed by user

    Is it possible to automatically destroy a session when the browser is closed by the user with the X?
    Basically, what we want to do is to create the same effect when the user is closing the browser (with the X button) as when the ordinary log out button is used. That is to have the session destroyed.
    Any ideas?
    /Carl-Johan

    Hope this helps...
    Refer note : 904155
    from SAP Note 904155----
    Symptom
    A BSP application is not terminated correctly when the user closes the browser window or navigates to other URL.
    The popup window, which appears on browser closure, contains the
    text representing <img> HTML element content in the escaped
    form, like that:
    <IMG WIDTH=quot; HEIGHT=quot; SRC="...
    After the popup disappears, the session remains opened.
    Since the session is not removed, that may result in database locks that still remain and can be found in transaction SM12.
    Other terms
    Business Server Pages, WebAS, sessionexit, session termination, SM12, SM04, SYSTEM, session_single_frame.htm
    Reason and Prerequisites
    Reason:
    The problem is caused by the minor code inconsistency in BSP application SYSTEM -> page SESSIONEXIT.HTM.
    Prerequisites:
    1. The application is using the SYSTEM application page SESSIONEXIT.HTM for logoff. When it runs, suddenly HTML source code appears on the logoff screen.
    2. SAP_BASIS 620 SP57 or SAP_BASIS 640 SP15 or SAP_BASIS 700 SP06 are installed.
    Solution
    Please install SAP_BASIS 620 SP58 or SAP_BASIS 640 SP16 or SAP_BASIS 700 SP07
    or
    apply the code correction as described below:
    1. Go to BSP Application SYSTEM.
    2. Select page SESSIONEXIT.HTM and turn on Change mode.
    3. Change the line:
    <%=application->session_exit( exit_url = app-exit_url namespace = app-appl_ns name = app-appl_name page = app-page_name )%>
    to:
    <%raw=application->session_exit( exit_url = app-exit_url namespace = app-appl_ns name = app-appl_name page = app-page_name )%>
    Arun
    P.S Assigning points is a way of saying thank you on SDN
    Message was edited by: Arun Varadarajan

  • How to invalidate a session based on the session id

    How to invalidate a session based on the session id

    You have to write your own support for this.
    It used to be in the API, but was deprecated as a security hole.
    The best way to do it is implement a session listener (javax.servlet.http.HttpSessionListener) which notifies you when sessions are created/destroyed.
    You can then keep a map of sessions in your own code, indexed by session Id, and access any/all of them to invalidate as you choose.

  • How to logout an user when the browser is closed?

    Hi,
    does someone know how to log out a user when the browser is closed?
    Thanks.

    Hi,
    There is an api wwctx_sso.cleanup_sessions which removes old sessions. This takes a parameter "p_hours_old" which indicates the age of the sessions which need to be removed. There is a job which runs which in turn calls this api to clean up sessions which are 7 days old or 168 hours old. You can see this from the dba_jobs table. You can try running this api.
    Thanks,
    Sharmila

  • What happens when the Browser is Closed?

    Hi,
    Does anyone know for sure what happens to your CF template that is running on the CF server when the browser is closed by the user? Does the CFML continue to be processed or is the template aborted?
    Suppose the user hits submit to a long running process (relatively) and the user closes the browser. Does your code keep running? Or does CF abort the process?
    This seems to be a tricky question as I've posed it indirectly for an e-commerce related question involving CFHTTP (which may be different).
    Thanks,
    hefterr

    The code will keep running, CF has no concept whatsoever of the fact the browser has closed.

  • How do I close a PDF document automatically when the browser is closed?

    I have a web app written in HTML/ASP. In order to access this app, our users have to enter a password and user id. Once on the main page of the app, they can click on a link which opens the reader in another window. Quite often, when finished with the app, they close the browser, but leave the reader window open (with sensitive information). It is becoming too risky to hope that they remember to close that window also, even with visual reminders. I would like for that window to close automatically when the browser with the app is closed.
    Can this be done?

    Let me elaborate a little more on what I am trying to do.
    (1) A website (#1) is opened after entering a UID and PWD.
    (2) Within website #1, a link is clicked which opens a second web app (#2) in a separate window using window.open().
    (3) Within website #2, a user can click on a link which opens a PDF as _SELF.
    (4) If the user:
         (a) exits out of website #1 by closing the browser
         (b) we would like to automatically close the PDF from website #2 also, as this contains sensitive information and most of the time the users are forgetting to close it

  • Does the sharedObject get destroyed when the browser is closed?

    hey guys, so I just wanted to make sure that when my internet browser is closed it destroys or clears my sharedObject??
    Right now I wasn't sure, so I'm doing something like the following:
    public var sharedObj:SharedObject;
    if(sharedObj != null){
         sharedObj.clear();
    }
    sharedObj = SharedObject.getLocal(...);
    I just wanted to make sure that this is the most effective way to destroy the sharedObject, just in case there is one left in the browser...
    Is there another way to make sure I clear the sharedObjects??

    hello cyber0897,
    No, sharedObjects are stored in a cookie-like text file on the client's hard drive. As far as I know there is not an option like with cookies to be destroyed after the browser closes.
    The reset you wrote should be in another order:
    var mySharedObject:SharedObject = SharedObject.getLocal....
    //the above will never give null, because it is created when it doesn't exist.
    //the if (object != null) is useless because of the above, in your post it will be always null, since it is not instantiated...
    mySharedObject.clear();
    mySharedObject.flush(); //not sure if this is necessary
    You could reset the sharedObject when initializing your application, but if you just want to store variables and get them wherever you need them in your app you could use the singleton class below.
    Usage:
    <s:TextInput id="text1" text="@{PrefObj.instance.myString}" />
    <s:TextInput id="text2" text="@{PrefObj.instance.myString}" />
    (the @ only works in flex 4)
    PrefObj.as
    package
    {
        import flash.events.EventDispatcher;
        [Bindable]
        public final dynamic class PrefObj extends EventDispatcher {
            private static var _instance:PrefObj = new PrefObj();
            public function PrefObj(){
                // _instance is still null during the one static construction above
                if (_instance != null){
                    throw new Error("PreferencesManager can only be accessed through PreferencesManager.instance");
                }
            }
            public static function get instance():PrefObj {
                return _instance;
            }
            //add your variables here:
            public var myString:String = "";
        }
    }

  • How to invalidate old sessions when new user access appl  on same machine

    hi all,
    I am using the Mozilla browser to access my web application. User one accesses my application using his credentials, but I left that browser open. After that I am opening another Mozilla window and accessing my application using different credentials, e.g. user2 credentials. User 2 can also access my application, but when I open the first browser I am automatically getting the second user's session. How can we avoid this problem?
    The application is using the session identifier (jSessionID) as the URL parameter for session management.
    Is it possible to invalidate the old session when a new user accesses on the same machine?
    thanks,
    Vishnu

    VishnuReddy wrote:
    hi all,
    I am using the Mozilla browser to access my web application. User one accesses my application using his credentials, but I left that browser open. After that I am opening another Mozilla window and accessing my application using different credentials, e.g. user2 credentials. User 2 can also access my application, but when I open the first browser I am automatically getting the second user's session. How can we avoid this problem?

    That shouldn't occur. Either you explained it the wrong way (or I interpreted it the wrong way), or there's a huge bug in your login/logout logic. After opening another window inside the same session, you should still be logged in as the first user.

  • How to invalidate jsp sessions when using BC4J???

    Generally, this is one way of invalidating:
    <%
    if (request.getSession(false)!=null)
    session.invalidate();
    %>
    But, what is JDEV TEAM recommended way?
    session.invalidate() gives a java.lang.ClassCastException
    error in web-to-go
    Please help.
    Thanks.

    repost

  • How to keep old session id when a new session is created in web site

    Hi,
    I have a question about HttpSession in a Struts framework based project development.
    I have a web page "a.jsp" in a public site (no login needed) which can navigate to other pages/links. There is a button on "a.jsp" to pop up a new window "pop.jsp" and create a session (session1). Usually, when I navigate to other pages/links from "a.jsp", it doesn't affect this "pop.jsp" and its session1. However, if I try to go to a secure site, a login page "login.jsp", from "a.jsp", since the "login.jsp" needs to kill the current session before the login, the current session1 within the "pop.jsp" is killed at that time. When I go back to "pop.jsp", it will create a new session2 and the original session1 attributes do not exist any more. Therefore, I need to save the session1 id somewhere to compare it with the new session2 id when the session is changed, and display some message in "pop.jsp".
    Does anyone know how/where to keep the session1 id? Any sample/suggestion would be appreciated.
    Hanna

    check reply 2 of http://forum.java.sun.com/thread.jspa?threadID=5279453&tstart=0
    like that you can compare

  • How to invalidate the session

    hi,
    i am using the following code in the action class to close the session in uix pages. But i am unable to close the session. Any suggestions would be appreciated.
    public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
    {
        HttpSession session = request.getSession(true);
        session.setAttribute("displayStatusGB","false");
        session.invalidate();
        System.out.println("session is invalidated");
        return mapping.findForward("success");
    }
    with rgds
    parameswaran

    Hi,
    you could remove them explicitly:
    HttpSession sess = request.getSession(true);
    for (Enumeration e = sess.getAttributeNames(); e.hasMoreElements();) {
        sess.removeAttribute((String) e.nextElement());
    }
    (you may want to be specific on which attributes to remove)

  • How to make the session expire when the refresh button is clicked

    Hi All,
    I am writing a Struts application where I want the session to expire when the user clicks refresh button or refresh the page by hitting F5, like any Bank sites. Any help will be appreciated.

    The trick isn't invalidating the session. The trick is detecting refresh requests.
    The Synchronizer Token pattern can handle this.
    Struts can do this for you. Check out this article: http://www.javaworld.com/javaworld/javatips/jw-javatip136.html?page=1
    Cheers,
    evnafets

  • How to force the end of an user session when the browser is closed?

    Hi,
    When the user closes the browser, the portal session remains. If the user opens a new browser window, we will be back in the portal without the need of a new login. Is there any way to force a new login in this situation? A similar problem also happens when there is a reboot of the application server. After the reboot, all users can connect to the App Server without the necessity to log in.
    Is there any way to avoid this kind of behavior?
    Thanks.

    Ok... It's as I thought... unfortunately...
    Gonna mark your latest post again as a possible solution, just in case someone comes up with any sort of out-of-the-box thing...
    Thx for your help Kglad

  • How do I stop Messages notifications when the app is closed?

    Messages have an annoying tendency to still "come through" even after I've quit the program, popping up in the right-hand corner of my screen until I attend to them. How do I stop this from happening? There are many times in the day when I'd like to not receive messages from contacts/friends/families and just concentrate on work. I can turn my phone off, silence it, etc. to stop messages from coming through there, but on my computer, where I am working, turning off the device in question is not an option. With Messages on Mavericks, quitting the program doesn't seem to do the trick.

    Alternative.
    In Messages > Preferences > General Section.
    Untick the "When I Quit, Set the Status to Off Line"
    This will stop the IMAgent Support app "listening" to the servers for new messages.
    It works best if there is a Buddy list account as well as iMessages (such as AIM or Jabber).
