This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes Question on HttpSessionListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Question on HttpSessionListener" Watch "Question on HttpSessionListener" New topic
Author

Question on HttpSessionListener

Nimchi Yung
Ranch Hand

Joined: Jan 27, 2004
Posts: 71
My web application is using Container Managed Authentication.
Now a new requirement comes in that I have to check if my webapp
still within license window.
I was thinking to use HttpSessionListener such as when new
session is created, then perform the license check.
In my Listener, I have something like:
public void sessionCreated(HttpSessionEvent event)
{
System.out.println("new session created\n");
}
public void sessionDestroyed(HttpSessionEvent event)
{
System.out.println("session destroyed\n");
}
When I logged in, I did not see the "new session created"
message. But when I logged out (using session.invalidate()),
then I saw the message "session destroyed" follows by
"new session created".
Why is that?
--Nimchi
Frank Carver
Sheriff

Joined: Jan 07, 1999
Posts: 6920
then I saw the message "session destroyed" follows by
"new session created".

This usually happens because the "log out" button performs its action then forwards (or redirects) to a JSP. Unless explicitly prevented, every JSP fetches or creates a session, so a new session is created immediately after the old one is destroyed.
The usual way round this is to have the "public" bits of the application, which are available to visitors who have not logged on, made out of static HTML files or non-sessional JSPs.


Read about me at frankcarver.me ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Question on HttpSessionListener
 
Similar Threads
Not recieving sessionDestroyed on Browser close
setmaxInactiveInterval
HttpSessionListener in JSF App
Probelem when Forwarding when session expires
HttpSessionListener