File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes How to find session is re-created Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to find session is re-created" Watch "How to find session is re-created" New topic

How to find session is re-created

Seema Hanji
Ranch Hand

Joined: Jan 29, 2001
Posts: 37
How can we differenciate between when session created for first time and session re-created after session expiry.
For both the instances, HttpSession isNew() returns true. Also session attribute will be null Either for first time or after session expiry.

Thanks in advance.

[ December 02, 2004: Message edited by: Seema Hanji ]
[ December 07, 2004: Message edited by: Mark Spritzler ]
Scott Dunbar
Ranch Hand

Joined: Sep 23, 2004
Posts: 245
One way would be to implement a listener. You can get called both when the session is created and when it is destroyed or you can have it listen to attribute changes too.

<a href="" target="_blank" rel="nofollow">Java forums using Java software</a> - Come and help get them started.
Seema Hanji
Ranch Hand

Joined: Jan 29, 2001
Posts: 37
I want to know whether session expired or not in my Struts action class.

I already have a session listener which removes EJB on session destroyed event. I don't have anyway to communicate between session listener and my action class.
Ritesh Agrawal
Ranch Hand

Joined: Jan 08, 2004
Posts: 74

First of all, either way it is the same thing whether a session was created new or a session was re-created due to expiry. There is probably no way to know this just by using any availble API's. If is it necessary for you to know this, then probably the following workarounds might be tried.

1. Use cookies and store the login time of the user. Keep the cookie expiry time to 2 or 3 times the session timeout interval. And when the session is recreated, the cookie can be checked to see if the user was logged in some time before. But I must warn here that, the session might not have expired. the user could have deliberately closed the session and trying to log in again.

2. You can also keep a flag in a database or flat file (if no. of users are not more) for each user in addition to above setting. The flag would be set for the user if the session for the user was expired. So, either by combining this two strategies or by storing the last login time of the user in the database itself along with the flag you can check whether the session is new (first time created) or was recreated because of session timeout. You can use the sessionDestroyed method of javax.servlet.http.HttpSessionListener interface to track the session expiry time and flag.

Ritesh<br /> <br />SCJP 1.4<br />IBM Test 340<br />IBM AIX V4.0 Certified Professional<br /> <br />Right actions for the future are the best apologies for wrong ones in the past.<br />- Tyron Edwards
vishwa venkat
Ranch Hand

Joined: Nov 22, 2003
Posts: 185
I think session_id going to be different, so u may cache the session_id and compare with the one recreated..not sure though..
Bob Frapples
Ranch Hand

Joined: Mar 08, 2002
Posts: 32
I agree. Here's the link:
subject: How to find session is re-created
It's not a secret anymore!