Thanks James for pointing me to the HttpSessionBindingListener. We can use that to 'unlock' the user's login id after the session times out. We still need to come up with a strategy where the user needs to log back in after a pc crash and reboot. Not sure what our session timeout value will be, but if it's say 15 minutes, the user logs in, and the pc crashes (not from our app of course), the user would have to wait say 12 minutes for the session to timeout before their lock would be released and they could log in again.
That's why we're thinking of prompting them with a notice that they are currently logged on and do they want to override that earlier logon. -----Original Message----- From: Tony Baity [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 11:45 AM To: Struts Users Mailing List Subject: RE: Ending a Session After Browser Has Gone Away Look in the javadocs for HttpSession and how to use HttpSessionBindingListener . I recommend allowing each browser instance to be allowed to login. Try to be stateless. If you want to do anything at all in the case of session timeout, use the HttpSessionBindingListener Becky Moyer wrote:Just set a short session timeout. 3 minutes of inactivity, session expires. So by the time they reboot, they have to log in again. Yeah, if someone stares at the page for 3 minutes and does something, they have to log in again, but if you're that concerned with sessions getting cleared, then it's not such a big deal. Anything wrong with this? Becky > -----Original Message----- > From: Cohan, Sean [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 01, 2002 11:33 AM > To: 'Struts Users Mailing List' > Subject: RE: Ending a Session After Browser Has Gone Away > > > Any suggestions? > > -----Original Message----- > From: James Mitchell [mailto:[EMAIL PROTECTED]] > Sent: Thursday, August 01, 2002 11:34 AM > To: Struts Users Mailing List > Subject: RE: Ending a Session After Browser Has Gone Away > > > The web being the stateless environment that it is, you have no way know > (without using javascript) that a user has closed a browser. > > I wouldn't advise to doing this anyway, because the user may have > more than > one window open, so if they close one of them and try to continue > using your > site, they will be met (rather rudely) with your login screens. > > I can't speak for other people, but whenever I'm navigating a > site that does > a shit job of navigation hierarchy, I always use shift+click if I want to > keep the current page and not be sent off deep in the site with no hope of > finding the original spot that sent me. If the site did as you propose, > this would result in a very pissed off user. And you could bet that you'd > hear about it (from me at least). > > Oh well, that's my 2 cents. > > > > James Mitchell > Software Engineer\Struts Evangelist > Struts-Atlanta, the "Open Minded Developer Network" > http://www.open-tools.org/struts-atlanta > > > > > > -----Original Message----- > > From: Cohan, Sean [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, August 01, 2002 11:06 AM > > To: [EMAIL PROTECTED] > > Subject: Ending a Session After Browser Has Gone Away > > > > > > Is there a way to end a user session if the browser has closed either > > through user action or non-user actions such as power outages? > > If not, what > > are typical ways to get around this? We are talking about > > allowing the user > > to login again, checking for a current user session, and if > they have one, > > killing it and starting a new one. Is this a sound approach? Thanks. > > > > > > Sean Cohan > > Software Performance Systems > > > > > > > > -- > > To unsubscribe, e-mail: > > > > For additional commands, e-mail: > > > > > > > > > -- > To unsubscribe, e-mail: > > For additional commands, e-mail: > > > -- > To unsubscribe, e-mail: > > For additional commands, e-mail: > > -- To unsubscribe, e-mail: For additional commands, e-mail: --------------------------------- Do You Yahoo!? Yahoo! Health - Feel better, live better -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
