aspose file tools*
The moose likes JSP and the fly likes Detection of session timeout Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Detection of session timeout" Watch "Detection of session timeout" New topic
Author

Detection of session timeout

Tony Stoyle
Greenhorn

Joined: May 16, 2002
Posts: 11
I'm not sure whether this comes under JSPs or EJBs but here goes....
In our JSPs we have the following line of code -
<jsp:useBean id="user" class="com.ugc.ead.login.User" scope="session" />
what I understand this to mean is to look for a bean called user - if it exists then use it, else instantiate one. It will be stored in HttpSession?
We currently use this to denote when a user has timed out - the instantiation of the object sets a 'logged' flag to false, which is set to true when they log in successfully. Therefore if they log in and have no activity for 30 minutes the next time they have actitivy it will execute the above line, instantiate a new user class which will determine the logged flag is false and we then log them off. All this is fine and works well.
We now want to track who has an active session, which means that at the point they time out we want to know this, instead of having to wait for the user to press a button to get timed out as described above. What I am leading up to saying is does anyone know what happens at the point of a timeout, will the user class be automatically be removed from the session object - I assume it will be because a subsequent call to the above line of code will instantiate a new one, which must mean the old one has gone? If this is the case why am I having no joy with implementing HttpSessionBindingListener on the user class and checking in the "valueUnbound" method to denote the removal of the class from session?? Basically if I log on and sit for 30 minutes the valueUnbound method is not called??
Apologies if this is bit confusing but if anyone understands what I am going on about here I'd be grateful for some advice.
Many thanks,
Tony
prabhat kumar
Ranch Hand

Joined: Apr 11, 2001
Posts: 114
to get notification about session timeout
you have to implement HttpSessionBindingListener
and then override the valueunbound method
Rahul Mahindrakar
Ranch Hand

Joined: Jul 28, 2000
Posts: 1836
Tony
I would like to summarise your problem below
---
Basically if I log on and sit for 30 minutes the valueUnbound method is not called??
---
This is because the Session Object itself is garbage collected. The Object that exists in the session is there but still bound so the valueUnbound is not called.
Rahul Mahindrakar
Ranch Hand

Joined: Jul 28, 2000
Posts: 1836
Have a look at HttpSessionListener if you want to be notified of changes to the list of active sessions in a web application.
--quote
We now want to track who has an active session, which means that at the point they time out we want to know this.
-----
You can keep a counter of active sessions by using a counter in HttpSessionListener.
[ October 16, 2002: Message edited by: Rahul Mahindrakar ]
Tony Stoyle
Greenhorn

Joined: May 16, 2002
Posts: 11
Thank you for your replies.
From what you are saying, the Session object may be garbage collected with the user object still inside it, so it does not trigger the unbound method?
The first attempt I had at cracking this was checking for garbage collection but after inconclusive results and from what people had said on here it appeared that you can never guarantee when something will be garbage collected.
It would seem like HTTPSessionListener may be the best bet then?
Thanks again,
Tony
Tony Stoyle
Greenhorn

Joined: May 16, 2002
Posts: 11
I have looked at HttpSessionListener and this will not work for us either!!! Although you can keep a counter of active sessions, we need to know WHO has logged in and logged off, ie when they time out we need to know THAT USER has been timed out. The user information we keep in the session but I don't believe using this class will give me access to the session when it is destroyed??
Rahul Mahindrakar
Ranch Hand

Joined: Jul 28, 2000
Posts: 1836
Oh the HttpSessionEvent does provide you with the session when the session is being destroyed.
Look at HttpSessionListener.sessionDestroyed(HttpSessionEvent se)
HttpSessionEvent.getSession()
Tony Stoyle
Greenhorn

Joined: May 16, 2002
Posts: 11
Still no good, you need the 2.3 Servlet API which we got but apparantly you also need to use the 2.3 servlet DTD in your web.xml. We use Jrun 3.1 which I understand only supports the 2.2 DTD........
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Detection of session timeout
 
Similar Threads
Using timers with phase listeners
About Sessions
Browser timeout OR session timeout
Session timeout in filter detection?
request.getSession(false) not working