Methods on HttpSessionListener

Hello,

Take a look in this question that I got from a web site:

public class MyHttpSessionListener implements HttpSessionListener { public void sessionCreated (HttpSessionEvent e) { System.out.log ("Session Created"); } public void sessionDestroyed (HttpSessionEvent e) { HttpSession session = e.getSession (); String name = (String) session.getAttribute("username"); } }

Which of the following statements best describes the code?

A) A compilation error will occur as the HttpSessionListener class is not properly implemented
B) No errors or exceptions will occur as the code is written correctly
C) An IllegalStateException will be thrown when the code is executed
D) None of the above

The answer is "C" in the web site, when the session.getAttribute("username") method is called, because the session has been invalidated.

But, if we look at Servlet Spec 2.4 (pg. 22), it says that the HttpSessionListener.sessionDestroyed() method notifies when a session is about to be invalidate. So, the correct answer is "B".

I've implemented the code above and it compiles and runs without problem.

Regards,

The question may be a bit old. According to the servlet 2.4 spec(p.283), the behavoir of sessionDestroyed is changed to notify before the session is invalidated since version 2.3.

I guess it is correct for them to change the behavior of the sessionDestroyed() method.
One should have control over the session object before it goes out of scope.