1) User clicks on Logout on JSP page ( Can this be achieved by explicitly doing session.invalidate() ?) Yes.
2) User clicks on the close button on window This can be done in Javascript but I am told it doesn't work. In that case you have to depend on session timeout. Plus each time a new User logs in make sure the session is first invalidated and then created. Also make sure there is no cache. 3) The session is inactive for lets say 5 mins Add the following entry in web.xml <session-config> <session-timeout>5<session-timeout> </session-config> Where the integer represents time in minutes. You can also do programmatically by saying session.setMaxInactiveInterval(<timeInSeconds>) but the web.xml approach is declarative hence better. 4) The session timeout ( depending on the value set in web.xml) Session timeout is same as session-inactive so the solution in number 3 applies. Thanks, Chetan H All, I am using struts framework and tomcat as the webserver. I want to implement session tracking and explicitly expire the session after a fixed period of inactivity. So the session needs to expire in the following scenarios Can you tell me the best design approach to handle this? Should I take care of all in a class which extends ActionServlet? Regards Prerna The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
