• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Question on HttpSessionListener

 
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My web application is using Container Managed Authentication.
Now a new requirement comes in that I have to check if my webapp
still within license window.
I was thinking to use HttpSessionListener such as when new
session is created, then perform the license check.
In my Listener, I have something like:
public void sessionCreated(HttpSessionEvent event)
{
System.out.println("new session created\n");
}
public void sessionDestroyed(HttpSessionEvent event)
{
System.out.println("session destroyed\n");
}
When I logged in, I did not see the "new session created"
message. But when I logged out (using session.invalidate()),
then I saw the message "session destroyed" follows by
"new session created".
Why is that?
--Nimchi
 
Sheriff
Posts: 7001
6
Eclipse IDE Python C++ Debian Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
then I saw the message "session destroyed" follows by
"new session created".

This usually happens because the "log out" button performs its action then forwards (or redirects) to a JSP. Unless explicitly prevented, every JSP fetches or creates a session, so a new session is created immediately after the old one is destroyed.
The usual way round this is to have the "public" bits of the application, which are available to visitors who have not logged on, made out of static HTML files or non-sessional JSPs.
 
reply
    Bookmark Topic Watch Topic
  • New Topic