File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Question on HttpSessionListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Question on HttpSessionListener" Watch "Question on HttpSessionListener" New topic

Question on HttpSessionListener

Nimchi Yung
Ranch Hand

Joined: Jan 27, 2004
Posts: 71
My web application is using Container Managed Authentication.
Now a new requirement comes in that I have to check if my webapp
still within license window.
I was thinking to use HttpSessionListener such as when new
session is created, then perform the license check.
In my Listener, I have something like:
public void sessionCreated(HttpSessionEvent event)
System.out.println("new session created\n");
public void sessionDestroyed(HttpSessionEvent event)
System.out.println("session destroyed\n");
When I logged in, I did not see the "new session created"
message. But when I logged out (using session.invalidate()),
then I saw the message "session destroyed" follows by
"new session created".
Why is that?
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
then I saw the message "session destroyed" follows by
"new session created".

This usually happens because the "log out" button performs its action then forwards (or redirects) to a JSP. Unless explicitly prevented, every JSP fetches or creates a session, so a new session is created immediately after the old one is destroyed.
The usual way round this is to have the "public" bits of the application, which are available to visitors who have not logged on, made out of static HTML files or non-sessional JSPs.

Read about me at ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
I agree. Here's the link:
subject: Question on HttpSessionListener
It's not a secret anymore!