HTTP request from a browser upon a session timeout

Question

I have UI that is served by two HTTP servers. Therefore I need to clean the HTTP session from both servers. It is simple for the logout use case but not clear for me how to do it for the session timeout use case.

The notification on the server side is possible via HttpSessionBindingListener Getting notification when bounded/unbounded to a HTTP session. But how can I notify the client site about it? I have to send the request from a browser to the second server to be able to clean a session cookie on the second server and therefore I can not send request from the server side.

Added

One server is Tomcat 8, the second server is Apache HTTPD server. I want to solve it via UI callback is possible (from the Tomcat HTTP servlet server).

Answer 1

From Apache HTTPD (Apache) documentation:

Integrating Sessions with External Applications

https://httpd.apache.org/docs/2.4/mod/mod_session.html#integration

• You can write your own module, then you could use this module to delete sessions after Tomcat deems them expendable.
• You can use a session database external to both Tomcat and Apache (eg. in MySQL), both servers would validate users with it. Deleting a session would just require deleting the entry from the database.
• As a standalone application: As the docs state, it is on you to do the work of finding and accessing the session files, breaking them, and editing them. If Tomcat and Apache are on different machines, you could have an agent with a listener on the Apache box, and have Tomcat request the agent delete the session data.
• Apache usually goes with PHP, and there is also databases around. Both could have their own sessions to handle.