To force logout, you invoke the session.invalidate() method. The user is effectively disconnected from the session when the browser is closed.So nobody will access it until it expires and then it goes away on its own. Selvakumar: While the session isn't invalidated, it can't be used anymore either.But, the function is also called when the user refreshes the page.I have also considered using the interface Disposable Bean but its dispose() method is also called when the browser is refreshed.
This should also happen when the user clicks on refresh. Originally posted by akhilesh tripathi: when the user clicks on the back button of the browser, the session is invalidated and an error page is shown.
We are seeing the user session timeout prematurely if we do not kill the session when the user closes the popup window. In this case you can't do anything against a database or whatever because once the session expiry is like you are not in the web application, so resources are open... My problem is when there is a session expiry, in that moment I can't do anything.
I need to find a way to invalidate the session when the user closes the browser.