-1

I am using SessionAware of Struts2 for creating session. When we create session JSESSIONID is added in cookies. But when i quit browser then JSESSIONID is delete. So after quiting browser, When i again open application, it shows that user is not login.

How can i do in struts2 that JSESSIONID should not deleted when browser is closed.

Roman C
  • 47,329
  • 33
  • 60
  • 147
Ashish Agarwal
  • 2,286
  • 1
  • 11
  • 14

2 Answers2

1

That it how session work. If you want to secure your application with login feature, you shouldn't allow an user to access your application easy by just open the browser. How if someone forget to log out.

However, if you still want to store some in browser, use normal cookie and set expiry time.

gstackoverflow
  • 31,683
  • 83
  • 267
  • 574
Joey Chong
  • 1,410
  • 14
  • 19
1

The lifetime of a session is coupled with the browser. After you've closed the last instance (window, tab) of the browser, the JSESSIONID expires.

You need to carefully analyze pros and cons of allowing a user to relogin automatically after the browser has been closed, but if you still want to implement the Remember me feature, this is a must-read:

PART II: How To Remain Logged In - The Infamous "Remember Me" Checkbox

Community
  • 1
  • 1
Andrea Ligios
  • 46,329
  • 24
  • 102
  • 208
  • Thanks Andrea, I am opening my application in Android and IOS Wrapper. When i close application in IOS, i require to do login again. So i require it. – Ashish Agarwal Nov 04 '14 at 09:59
  • I solved it. when user login, I manually added cookie with JSESSIONID name and gave max-age of 1 day. Now browser have two cookie with same name JSESSIONID. But my problem is solve. Thanks again. – Ashish Agarwal Nov 04 '14 at 10:07
  • You are welcome. Feel free to upvote or accept the answer if it helped, thanks – Andrea Ligios Nov 04 '14 at 10:10