Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Servlets and the fly likes Session expire problem with  HttpSessionListener Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session expire problem with  HttpSessionListener " Watch "Session expire problem with  HttpSessionListener " New topic
Author

Session expire problem with HttpSessionListener

dashang trivedi
Greenhorn

Joined: Mar 01, 2010
Posts: 26
My objective is when session is Expire i want to display message session is expire...I am using HttpSessionListener....



Now in Servlet file......


PROBLEM IS THAT Every time its check ONLY for IF condition.....its not going in ELSE PART....
means if session is destroy and user click on html page so request redirect to servlet...and it will again Create a NEW session....
SO ANY WAY TO CHECK the session is expire or not???
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Please UseCodeTags when posting code or configuration. Unformatted code and configuration is unnecessarily difficult to read. You can edit your post by using the button.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12835
    
    5
You will get the call to sessionDestroyed in a Thread that is completely independent of any request thread. You could keep a list of session ids as they are destroyed, but what would you do with it?

In the request Thread you can determine if a session is new and thats about it.


Bill
dashang trivedi
Greenhorn

Joined: Mar 01, 2010
Posts: 26
when session is destroyed ..the session destroyed method is called i simply decrement the Integer variable and when session is created i just Increment the variable.. then set the session variable with that value...and in servlet file i simply get the variable value.........

the Problem is that...I always get same value...session destroyee method is called...but when USER click on JSP file ....it will create a new Session because session is destroyed...

So please tell me any Solution...
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18987
    
    8

dashang trivedi wrote:the Problem is that... when USER click on JSP file ....it will create a new Session...

So please tell me any Solution...


This is the real problem, isn't it? There's no session at this point in time. But you want to tell the user that the previous session timed out. Therefore... you can't store that information in the session, because it won't be available. You will have to store it somewhere else.
dashang trivedi
Greenhorn

Joined: Mar 01, 2010
Posts: 26
So sir...where to store ...how i display the message your session is expire.......
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12835
    
    5
If you have some database with entries for each user, you could record the last time they got a session and the time the session expired.

There are simple databases you could keep in memory if the number of users is not huge.

Do you currently track users beyond a single session/

Bill
Amol Nayak
Ranch Hand

Joined: Oct 26, 2006
Posts: 218
What if we have a token generated and sent back to the user when the session was first created, so that with each of the subsequent requests we will be getting the token. (say all your links displayed in the page will have an additional parameter for the token, just on similar lines to encodeURL)

Have a servlet filter in in place which will read the token
1. If no token is existing then it may be the first request, forward to login page
2. If there is a token present and no session associated then forward to the error page you require, else let the request go through.


Another alternative is not to allow direct access to jsp from the front end but all links will be sending request to a controller (a Front Controller) which would do these checks before forwarding to the required jsp.
dashang trivedi
Greenhorn

Joined: Mar 01, 2010
Posts: 26
My objective is when session is Expire i want to display message session is expire...

I am trying for token but its every time create a new token....

if you have code that run perfect than PLEASE out the code here....its help community a lot...
Amol Nayak
Ranch Hand

Joined: Oct 26, 2006
Posts: 218
It is fine even if you create a new token for each request, it is also helpful for detecting duplicate submissions of form. How come you are not able to detect from the tokens that the session which has generated this token has expired?

Why don't you post your code with the token logic?

dashang trivedi
Greenhorn

Joined: Mar 01, 2010
Posts: 26
Cookie Token is same as i create a Session id....
main problem is that when session is expire than its create a new session....Check the If condition....Its session default behavior..
we cant change it....So now question is how we set the logic that its go in ELSE part...which session destroy condition......
in that condition i display message SESSION is EXPIRE........think it....

Amol Nayak
Ranch Hand

Joined: Oct 26, 2006
Posts: 218
Please read my previous post again, apart from storing a token in session you need to get it back from the client (browser) every time. The token will not be a simple number like count attribute in your case. You may have the token as say the the value returned by System.currentTimeMillis().
When sending back the response back to the client store this token value in it as a parameter for each link you display on your page and also store the token in your session.

When you are getting a request which has a token associated with it but no session associated with the request on the server, you may say that the page was served when the session was active and hence show the message "Session already invalidated"

For your purpose you may just generate the token at the beginning of the session and not for each requests.
Generating a new token for each request is useful when you need to prevent duplicate submission of the form.
Michael Angstadt
Ranch Hand

Joined: Jun 17, 2009
Posts: 274

What about this? This uses a cookie called "token" to store the session ID. If the cookie doesn't match the session ID, it means the user's previous session timed out. Of course, this only works if the client supports cookies...


Your code is just counting the number of active sessions...this doesn't help to tell whether a session has timed out.

Amol's solution is better because it doesn't require cookies, but you'd have to add an extra parameter to every single link which is tedious.


SCJP 6 || SCWCD 5
dashang trivedi
Greenhorn

Joined: Mar 01, 2010
Posts: 26
Thank-you Michael....your Logic is great.....
yes now i understand i m just counting....the active session....i m just confuse with how previous session is store....
great solution .... i think this help a community a lot....

i am just confusing with your statement...
why you say that Amol's solution is better because it doesn't require cookies....
is it possible without cookies???

thank-you....
Michael Angstadt
Ranch Hand

Joined: Jun 17, 2009
Posts: 274

dashang trivedi wrote:
why you say that Amol's solution is better because it doesn't require cookies....
is it possible without cookies???


That's just one possible solution I thought up...not sure how else you'd do this. It seems like a common problem though, so there must be a solution somewhere..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session expire problem with HttpSessionListener