I have defined below rules for handling user session.
- When user logs in sessioncreate() of HttpSessionListener will be called and will set user status as online in database.
- When user logs out sessiondestroy() of HttpSessionListener will be called and will set user status as offline in database..
- When user closes the browser/tab, make AJAX call on browser unload/some_other event to destroy the session.
- Since we can not rely on browser events completely, use session_timeout on server side also. On Session timeout event, first make validation call from server to client and confirm if he/she is still available. If received acknowledgement from client, it means browser tab is still open. So we will not destroy the session.
Here in last rule, how to intercept the session destroy mechanism of spring ? How to skip session destroy if acknowledgement is received from client ?
Thanks,
Instead of reactivating the Session from the server after catching the Session timeout event, let me suggest a better way.
Since you want to keep the session active as long as the browser is open, even if user is not accessing (interacting) with the site, send an Ajax ping back the server from the page.
This answer is an example of that - https://stackoverflow.com/a/3877867/6352160
This will solve both the problems - Close sessions automatically when the user has closed the browser tab. Keep session active as long as the tab is open. I would still suggest you keep a Session variable as a counter and allow the session to be open only for a fixed time limit to avoid unnecessarily long running sessions.