Take a look in this question that I got from a web site:
Which of the following statements best describes the code?
A) A compilation error will occur as the HttpSessionListener class is not properly implemented B) No errors or exceptions will occur as the code is written correctly C) An IllegalStateException will be thrown when the code is executed D) None of the above
The answer is "C" in the web site, when the session.getAttribute("username") method is called, because the session has been invalidated.
But, if we look at Servlet Spec 2.4 (pg. 22), it says that the HttpSessionListener.sessionDestroyed() method notifies when a session is about to be invalidate. So, the correct answer is "B".
I've implemented the code above and it compiles and runs without problem.