How does Java web-app with @SessionScoped Bean know if browser is re-started?

This is a pretty basic question. I'm learning from a textbook about JSF web apps, and using a @SessionScoped Bean to manage the session. The book mentioned that if you close the browser, the session ends, and this was easy to verify with testing. But I am not sure how the web app is informed that the browser has been closed and re-opened. I couldn't find any cookies stores locally. So how does the web app get this info?

Thanks!

2012-04-05 19:05
by The111

Related: http://stackoverflow.com/questions/3106452/how-do-servlets-work-instantiation-session-variables-and-multithreading/3106909#310690 - BalusC 2012-04-05 21:12

If you close the browser, the session remains!!!!. It eventually times out due to a maximum inactive interval and gets removed from a background HashMap (assumed implementation detail) that maps the sessionID to the Session object - MJB 2012-04-06 02:49

@MJB, There are at least two kinds of sessions. The one that http server uses to store user data and the browser session. Think browser lifecycle since its started and until it's been closed. You want to catch this? Then you create a session cookie and by checking it you assure whether the new browser session is started or not - ahanin 2012-04-07 10:42

It's a Session Cookie that does the magic.

2012-04-05 19:07
by ahanin

Thanks. The other weird thing is that I saw nothing in the code of the simple page created that suggested a cookie was being created. Maybe the web app server (Glassfish) creates basic session cookies by default somehow when used @SessionScoped? Also still seems weird I couldn't find the cookie in my Firefox cookies database, but maybe I wasn't looking correctly - The111 2012-04-05 19:25

I think they are store in-memory, you can check request headers with help of FireBug easily. You should see your cookie there - ahanin 2012-04-05 19:27

In fact when you arrive to any web page of your application, you start an http session. Then your browser stores a sessionId used as identifier for following requests.

So when the browser is closed, there is no way that your application knows about that.

The only way to finish the session from the server side is by setting up a timeout in the web.xml. When there is no request form the browser before the timeout is triggered, then all the methods in the managed beans of this session annotated with @PreDestroy will be called and then everything will be cleanup in the server side.

2012-04-06 10:36
by Oscar Castiblanco