Is there a way for me to determine if the session is about to be destroyed due to timeout instead of being invalidated. I have looked into listeners, but none seems to be useful for my purpose.
I need to record time for which user was online when he logs out. When user logs out properly, this is pretty straight-forward. However, when session is timed out, I need to know about it. I have tried things with HttpSessionBindingListener and HttpSessionAttributeListener, however when I try to get session data (like session creation time and last access time. I also need to subtract inactive interval in case of timeouts to get accurate user online time. This suntraction is not needed for regular log-out.) when I receive events, the session is already invalidated by then.
Like i mentioned, at that point I do not have access to sesion data because session is already invalidated so how would I compute session creation time and sesssion last accessed time? Besides these events will be called even on normal log-outs, so how do I distinguish between normal logout and session timeout in this case?
The "sessionDestroyed" method is called after the session has been destroyed, at which point it is of no use.
See now the only issue is "accuracy of timestamps" in case of normal log-outs and session timeouts (I have got rest working with HttpSessionAttributeListener). For now it looks like I'll have to live with that limitation. If you guys have any other idea, do let me know.
You are confusing me. According to the J2EE api sessionDestroyed(HttpSessionEvent se)is a notification that a session is about to be invalidated. In my opinion the session is still there and will be destroyed after completing this method.
Besides the name suggests same and I found same in book SCWCD Exam Study Kit as well. This book suggests same as well, with so much evidence, I didn't experiment with this.
void sessionDestroyed(HttpSessionEvent evt): The method invoked when a session is destroyed by the container. This method will be invoked when a unique client's session times out�that is, after they fail to revisit the Web site for a given period of time, usually 15 minutes.
Now let me see for myself...however from my expts with other two listeners I have seen that you don't get much time to get the session data even when it is "being" invalidated/destroyed.
One approach that should work either way would be to work with an object other than the session itself. Create a userBean that gets bound to session scope when the user logs in. At the same time, bind it to a context scope map of your own. You could put things like the login time and last accessed time in the userBean's properties.
If the user explicitly logs out, you could record that before your code invalidates the session. You could then use the sessionListener to inform you when a session times out. If you use the sessionID as the key to your own map, you will be able to match the object in your map to the session that it belonged to. This way, even after the session has been invalidated, you will still have a reference to the object that holds the data that you need.
I have a demo app that uses this technique to do something slightly different from what you're doing (Mine just builds a screen that shows who's logged in, and when their session is due to expire). If any of that code is useful to you, feel free to use it. http://simple.souther.us/not-so-simple.htm Look for SessionMonitor. [ August 18, 2005: Message edited by: Ben Souther ]
I did run few experiments on my Tomcat 5.0.28 and it looks like SessionListener will solve the purpose. Its frustrating -- didn't know that specs changed and all my so called reliable sources (including rabk 1 googr link) confirmed what I beleived!!!
Anyway, thank you guys!!! My problem should be solved now!!!
Notification that a session is about to be invalidated.
Parameters: se - the notification event
I am using Servlet 2.3 in my applicaiton, and according to my understanding, whenever session gets invalidated (by calling method session.invalidate() ), the listener method sessionDestroyed() will be called. And in the spec its given that it will be called after session is invalidated, so in sessionDestroyed() method, if we get the session from HttpSessionEvent, it shouldnt have any attributes i have set it before.
But the thing is i am able to retrieve all the attributes i have set to the session in the method sessionDestroyed() .. i am not getting how !! if its works like this in Servlet 2.4 fine but how is it happening with servlet 2.3