Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSession ... tracking and cleanup

 
Mufaddal Khumri
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have got a ServletContextListener that does initialization and cleanup for my webapp. I was wondering if there was a way to:
1. Get the pool of sessions for my webapp (as a collection on which i can iterate or enumerate). this would allow me to call session.invalidate on all these session objects.
2. Invalidate all sessions to my webapp in this Listener ? If not, in what way can I invalidate all sessions when i start / reload my webapp ?
Thanks
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why not add the HttpSessionListener interface to your ServletContextListener - that would give you the sessionCreated and sessionDestroyed methods so you could create a list of active sessions.
Bill
 
Mufaddal Khumri
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Before writing code to do this, I was wanting to know if the container provided any mechanism to do this. For invalidating sessions it seems Tomcat's server.xml can be tweaked to include:
<Manager className="org.apache.catalina.session.PersistentManager"
debug="0"
saveOnRestart="false"
maxActiveSessions="-1"
minIdleSwap="-1"
maxIdleSwap="-1"
maxIdleBackup="-1">
<Store
className="org.apache.catalina.session.FileStore"/>
</Manager>
The problem is that even after doing the above, it does not work for me. I did the following test to test my webapp after i put the above in the server.xml:
1. started tomcat.
2. started a browser, logged into MyApp and used it.
3. stopped tomcat and restarted tomcat . (kept the browser window that i was using in step 2 open).
4. went back to my browser window from step 2 and tried to continue using my MyApp by clicking on one of the links to a jsp page. The browser showed me a blank window -
AT THIS POINT I checked the session attribute and it was still existing. My code that redirects the user to the login page checks to see if this attribute is not there or is false. Since its present and is true it does not redirect the user. The only way i can redirect the user to the login page is by invalidating the session he or she is using . For this i made the change to the server.xml.
Any ideas why this isnt working ?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic