| Author |
Question on HttpSessionListener
|
Nimchi Yung
Ranch Hand
Joined: Jan 27, 2004
Posts: 71
|
|
My web application is using Container Managed Authentication.
Now a new requirement comes in that I have to check if my webapp
still within license window.
I was thinking to use HttpSessionListener such as when new
session is created, then perform the license check.
In my Listener, I have something like:
public void sessionCreated(HttpSessionEvent event)
{
System.out.println("new session created\n");
}
public void sessionDestroyed(HttpSessionEvent event)
{
System.out.println("session destroyed\n");
}
When I logged in, I did not see the "new session created"
message. But when I logged out (using session.invalidate()),
then I saw the message "session destroyed" follows by
"new session created".
Why is that?
--Nimchi
|
 |
Frank Carver
Sheriff
Joined: Jan 07, 1999
Posts: 6913
|
|
then I saw the message "session destroyed" follows by
"new session created".
This usually happens because the "log out" button performs its action then forwards (or redirects) to a JSP. Unless explicitly prevented, every JSP fetches or creates a session, so a new session is created immediately after the old one is destroyed.
The usual way round this is to have the "public" bits of the application, which are available to visitors who have not logged on, made out of static HTML files or non-sessional JSPs.
|
A Convergent Visionary ~ Frank's Punchbarrel Blog ~ LinkedIn profile
|
|
 |
|
|
subject: Question on HttpSessionListener
|
|
|
0
