This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Servlets and the fly likes Session timeouts and listeners.... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Session timeouts and listeners...." Watch "Session timeouts and listeners...." New topic
Author

Session timeouts and listeners....

Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2578

Is there a way for me to determine if the session is about to be destroyed due to timeout instead of being invalidated. I have looked into listeners, but none seems to be useful for my purpose.

I need to record time for which user was online when he logs out. When user logs out properly, this is pretty straight-forward. However, when session is timed out, I need to know about it. I have tried things with HttpSessionBindingListener and HttpSessionAttributeListener, however when I try to get session data (like session creation time and last access time. I also need to subtract inactive interval in case of timeouts to get accurate user online time. This suntraction is not needed for regular log-out.) when I receive events, the session is already invalidated by then.

How can I do this?

TIA,
- Manish
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
I think HttpSessionBindingListener should serve your purpose. Have a class implement HttpSessionBindingListener. When the session starts/expires, valueBound/valueUnbound method of this interface will be called.


BJ - SCJP and SCWCD
We love Java programming. It is contagious, very cool, and lot of fun. - Peter Coad, Java Design

Crazy Bikes created by m-Power
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2578

Like i mentioned, at that point I do not have access to sesion data because session is already invalidated so how would I compute session creation time and sesssion last accessed time? Besides these events will be called even on normal log-outs, so how do I distinguish between normal logout and session timeout in this case?

- Manish
Ralph Ma
Greenhorn

Joined: Aug 18, 2005
Posts: 10
I think HttpSessionListener may meet your requirement. When the session is going to invalidate the sessionDestroyed(HttpSessionEvent se) method will be called by the container, and from the HttpSessionEvent you can get user's session.


SCJP 1.2<br />SCWCD 1.3<br />SCBCD 1.3<br />SCDJWS
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2578

The "sessionDestroyed" method is called after the session has been destroyed, at which point it is of no use.

See now the only issue is "accuracy of timestamps" in case of normal log-outs and session timeouts (I have got rest working with HttpSessionAttributeListener). For now it looks like I'll have to live with that limitation. If you guys have any other idea, do let me know.

TIA,
- Manish
Ronald Heukers
Ranch Hand

Joined: Jul 20, 2005
Posts: 69
Hi Manish,

You are confusing me.
According to the J2EE api sessionDestroyed(HttpSessionEvent se)is a notification that a session is about to be invalidated. In my opinion the session is still there and will be destroyed after completing this method.

Regards,

Ronald
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

From:
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.html


sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session is about to be invalidated.

Parameters:
se - the notification event



Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2578

Huh??? I referred to this (google shows is as first link for HttpSessionListener) -
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSessionListener.html

It says -


sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session was invalidated.

Parameters:
se - the notification event


Besides the name suggests same and I found same in book SCWCD Exam Study Kit as well.
This book suggests same as well, with so much evidence, I didn't experiment with this.

void sessionDestroyed(HttpSessionEvent evt): The method invoked when a session is destroyed by the container. This method will be invoked when a unique client's session times out�that is, after they fail to revisit the Web site for a given period of time, usually 15 minutes.


Now let me see for myself...however from my expts with other two listeners I have seen that you don't get much time to get the session data even when it is "being" invalidated/destroyed.

rgds,
- Manish
[ August 18, 2005: Message edited by: Manish Hatwalne ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Looks like a change in the spec.
You posted the API for 1.3.
I posted the API for 1.4.
What servlet spec are you writing for?
[ August 18, 2005: Message edited by: Ben Souther ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

One approach that should work either way would be to work with an object other than the session itself. Create a userBean that gets bound to session scope when the user logs in. At the same time, bind it to a context scope map of your own. You could put things like the login time and last accessed time in the userBean's properties.

If the user explicitly logs out, you could record that before your code invalidates the session. You could then use the sessionListener to inform you when a session times out. If you use the sessionID as the key to your own map, you will be able to match the object in your map to the session that it belonged to. This way, even after the session has been invalidated, you will still have a reference to the object that holds the data that you need.

I have a demo app that uses this technique to do something slightly different from what you're doing (Mine just builds a screen that shows who's logged in, and when their session is due to expire). If any of that code is useful to you, feel free to use it.
http://simple.souther.us/not-so-simple.htm
Look for SessionMonitor.
[ August 18, 2005: Message edited by: Ben Souther ]
Bruce Jin
Ranch Hand

Joined: Sep 20, 2001
Posts: 666
Depend on what you are trying to accomplish HttpSessionBindingListener is usually the one used to track user activities.
You don�t have access to session object when valueUnboud is called but you get notified in the object that implements HttpSessionBindingListener. User activities are recorded inside this class object that implements HttpSessionBindingListener.
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2578

I did run few experiments on my Tomcat 5.0.28 and it looks like SessionListener will solve the purpose. Its frustrating -- didn't know that specs changed and all my so called reliable sources (including rabk 1 googr link) confirmed what I beleived!!!

Anyway, thank you guys!!! My problem should be solved now!!!

rgds,
- Manish
[ August 18, 2005: Message edited by: Manish Hatwalne ]
Manish Hatwalne
Ranch Hand

Joined: Sep 22, 2001
Posts: 2578

Yes, container docs say it should be possible that way --
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/servletapi/javax/servlet/http/HttpSessionListener.html

- Manish
Srivatsa Katta
Ranch Hand

Joined: Aug 13, 2005
Posts: 55
Guys i have some clarification with the same sessionDestroyed() method.

Here is what Servlet 2.3 Spec says about that method

sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session was invalidated.

Parameters:
se - the notification event


and Servlet 2.4 Spec says


sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session is about to be invalidated.

Parameters:
se - the notification event


I am using Servlet 2.3 in my applicaiton, and according to my understanding, whenever session gets invalidated (by calling method session.invalidate() ), the listener method sessionDestroyed() will be called. And in the spec its given that it will be called after session is invalidated, so in sessionDestroyed() method, if we get the session from HttpSessionEvent, it shouldnt have any attributes i have set it before.

But the thing is i am able to retrieve all the attributes i have set to the session in the method sessionDestroyed() .. i am not getting how !! if its works like this in Servlet 2.4 fine but how is it happening with servlet 2.3

Can any one plese explain me ..

-Tripter
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8919

tripter ,
That is strange. Which container are you using?


Groovy
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61309
    
  66

"tripter",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
Forum Bartender


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Srivatsa Katta
Ranch Hand

Joined: Aug 13, 2005
Posts: 55
Hi Bear,

I have changed my display name as per ur policy..

Thanks
-Tripter
Srivatsa Katta
Ranch Hand

Joined: Aug 13, 2005
Posts: 55
Hi Pradip,

I am using WebSphere 5.0

Plz some one help me out of this!!

-Tripter
 
GeeCON Prague 2014
 
subject: Session timeouts and listeners....