My understanding is that HttpSessionAttributeListener is implemented by an object that is interested in receiving events from all the sessions belonging to the application, while HttpSessionBindingListener is implemented by the object attributes for the particular session to which they are added or removed.
So,When the session is timed out, the HttpSessionBindingListener.valueUnbound(-) can be used to notify user about it, because:
- session timeout destroys a session (and its all attributes),
- attribute removal will execute valueUnbound method on the perticular attribute.
Now my question Why Can we rely on HttpSessionBindingListeren if it comes to session invalidation and at the same time we can not rely on HttpSessionAttributeListener.attributeRemoved. ???
HttpSessionBindingListener: Causes an object to be notified when it is bound to or unbound from a session. The object is notified by an HttpSessionBindingEvent object. This may be as a result of a servlet programmer explicitly unbinding an attribute from a session, due to a session being invalidated, or due to a session timing out.
The specification (Servlet 3.0) furthermore does not mandate that the HttpSessionAttributeListener.attributeRemoved() should be called before a HttpSession invalidates (or in other words: that objects should be removed from the session when an session gets destroyed) so that leaves space for the people building the Servlet-containers to decide what to do.
Did you try to see what Tomcat does in this particulair case?
Nope i have not tried it yet,it is mentioned in head first servlet book which i was not able to understand.So because the specs have mentioned means we cannot use it for notification ?
I will like to add one more thing here,Suppose if i have implemented both the listeners and when ever an attribute is removed,then first the attributeRemoved() is called which further makes call to valueUnbound().I had read this somewhere but not able to recollect it properly.So just correct me if i am wrong.
Creator of Enthuware JWS+ V6
So because the specs have mentioned means we cannot use it for notification ?
I suppose you meant "because the specs did not mention...."
Yes, we cannot rely on the notification if the specifications don't specify that it should happen (as with the HttpSessionBindingListener) But that doesn't mean that it won't be implemented, it just means that the servlet-container-developers can choose an implementation. ( and if you rely on one implementation, your application won't be portable to another provider just like that)
Suppose if i have implemented both the listeners and when ever an attribute is removed,then first the attributeRemoved() is called which further makes call to valueUnbound().I had read this somewhere but not able to recollect it properly.So just correct me if i am wrong.
Yes, this is where you can find that in the Servlet 3.0 specs:
7.4 Binding Attributes into a Session Some objects may require notification when they are placed into, or removed from, a session. This information can be obtained by having the object implement the
HttpSessionBindingListener interface. This interface defines the following methods that will signal an object being bound into, or being unbound from, a session.
The valueBound method must be called before the object is made available via the getAttribute method of the HttpSession interface. The valueUnbound method must be called after the object is no longer available via the getAttribute method of the HttpSession interface.
just saw that the EE6 API gives a more explicit explanation, which is different from what I thought.....
HttpSession.setAttribute() After this method executes, and if the new object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueBound. The container then notifies any HttpSessionAttributeListeners in the web application.
HttpSession.removeAttribute() After this method executes, and if the object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueUnbound. The container then notifies any HttpSessionAttributeListeners in the web application.
[EDIT]: I just tested it on tomcat and this is the result ->