Ahmed Abul Khair's Blog

ADF Solution – Logout on Closing Browser

In this blog we will implement solution for problem of Handling Browser Close Event. Browser doesn’t send any event to the server to handle such events. The requirement is to logout and invalidate the user’s session when closing browser without logging out. This process is a part of application security, and it is important for performance improvement. The trick is to use ADF Bounded Task flow’s feature Run as Dialog. I will explain this technique.

I have developed sample application LogoutOnClosingBrowser.zip

in ADF (12.2.1.2.0).

We will go through this scenario:

When user starts application in the browser session created automatically.

User Login with Username & Password:

1) The Login button called bounded Task flow as Dialog in external-window.

Remember to change property useWindow=”true” in the Login button, which call task flow as dialog.

When user try to Logout from logout button, task flow execute After Listener to Invalidate Session and the logout action is working fine.

2) Configuring Finalizer to bounded task flow to handle Closing Browser Event.

We need to differentiate between two cases: Logout normally done from Logout button and Browser Closed.

Add <af:setPropertyListener> under the logout button, to send logoutFlag_P parameter equal true to Finalizer, if Logout action done from Logout button.

 

3) Creating Security Bean and methods like this:

Logout Method: To handle Logout action.

Finalizer Method: To manage finalizing of the task flow.

Invalidate Session Method: To kill session after logging out.

To logout would be simply to close browser, and the user’s session will invalidate.