Hi. J2EE sessions are created on the server. When the server gets a request from the client it checks the request for a session identifier. The session identifier or session ID is usually sent as a cookie header or as a parameter on the request URL. If the request doesn't have a session identifier the server creates a new session and then sends the session ID for the new session with the response. It's the responsibility of the client/browser when it gets the response to retrieve the session identifier and then send it with all requests that are made to the server in the future. This is how the session is maintained between the client and the server.
Sessions are not usually persisted by the browser meaning that when the browser is closed, the session identifier is not stored. The next time you launch the browser and make a request back to the server where you had a session, no session ID will be sent with the request so the server will create a new session for you. Browsers all behave a little differently so it would be good for you to understand how your browser manages sessions. With Firefox, for example, I believe that multiple browser windows share the same session and it's not until the last browser window is closed that the session is lost. Tabs within the same browser window also share the same session. Internet Explorer behaves differently depending on how the browser was launched. Browser windows that were launched from the same process (using CTRL-N from within IE for example) share the same session but when browser windows are launched from different processes (launching IE from the Windows start menu for example) each window will have its own session.
When the browser gets closed on the client the session identifier is lost but the server doesn't know that a client with that session indefier is not coming back so it keeps the session on the server for awhile. The session timeout is configurable on the server and will differ depending on the type of application. With an application where security is important the session timeout might be just a couple of minutes which will force users to login to the application again if they have been inactive for a short amount of time. For applications where security is less of a concern, the session timeout could be 30 minutes or more. This allows clients to leave the application idle for awhile and then come back and continue to use the application without logging in again.
Everything you've described seems consistent with how J2EE sessions work. The inconsistencies with how the session is maintained on the client (whether browser window is closed, tab is closed etc.) has to do with how browser vendors have implemented this functionality and is out of our control. Some browsers (I know Firefox does, IE 8 may as well) have an option to restore the last active session when the browser is launched so that might be your best bet if you don't want the session to go away when the browser is closed. You also would need to consider the session timeout on the server however. Even if the browser stored the session ID and resent it to the server the next time it was launched (how I imagine that functionality would work) the server would still need to have that session around (not have expired it) or the session data on the server would have been lost. The reason you don't get a FlexSession expired message when the browser is closed is that session hasn't expired on the server. When the session expires on the server you will see that message.
Hope that helps.
First of all Thank you very much for your long and valuable response to my question.However my doubts about session are still there.
Yes I know there are some options in browser settings for clearing cookies when closing but In my example just Flex Session is expired the others are still there. In that point I have some suspicions about set some properties after creating Flex Session like setTimeOut().. However none of them helped me as expected because they define the time that session will be expired after session CLOSED.
Now I am turning my face to implement session management in JS and Java with out using Flex Session. My hint is a site www.grooveshark.com They are just creaing PHPSESSION and implement the session by this way.
Is there any body who can say Flex Session is as strong as the other scripts session (PHP). Is there any body who implement session management on BlazeDS successfully and completly ?
Not sure will this help you or not
Did you tried playing with remote-config.xml. In this xml file you can maintain your application session by adjusting the scope tag.