• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Detection of session timeout

 
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not sure whether this comes under JSPs or EJBs but here goes....
In our JSPs we have the following line of code -
<jsp:useBean id="user" class="com.ugc.ead.login.User" scope="session" />
what I understand this to mean is to look for a bean called user - if it exists then use it, else instantiate one. It will be stored in HttpSession?
We currently use this to denote when a user has timed out - the instantiation of the object sets a 'logged' flag to false, which is set to true when they log in successfully. Therefore if they log in and have no activity for 30 minutes the next time they have actitivy it will execute the above line, instantiate a new user class which will determine the logged flag is false and we then log them off. All this is fine and works well.
We now want to track who has an active session, which means that at the point they time out we want to know this, instead of having to wait for the user to press a button to get timed out as described above. What I am leading up to saying is does anyone know what happens at the point of a timeout, will the user class be automatically be removed from the session object - I assume it will be because a subsequent call to the above line of code will instantiate a new one, which must mean the old one has gone? If this is the case why am I having no joy with implementing HttpSessionBindingListener on the user class and checking in the "valueUnbound" method to denote the removal of the class from session?? Basically if I log on and sit for 30 minutes the valueUnbound method is not called??
Apologies if this is bit confusing but if anyone understands what I am going on about here I'd be grateful for some advice.
Many thanks,
Tony
 
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
to get notification about session timeout
you have to implement HttpSessionBindingListener
and then override the valueunbound method
 
Ranch Hand
Posts: 1871
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Tony
I would like to summarise your problem below
---
Basically if I log on and sit for 30 minutes the valueUnbound method is not called??
---
This is because the Session Object itself is garbage collected. The Object that exists in the session is there but still bound so the valueUnbound is not called.
 
Rahul Mahindrakar
Ranch Hand
Posts: 1871
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have a look at HttpSessionListener if you want to be notified of changes to the list of active sessions in a web application.
--quote
We now want to track who has an active session, which means that at the point they time out we want to know this.
-----
You can keep a counter of active sessions by using a counter in HttpSessionListener.
[ October 16, 2002: Message edited by: Rahul Mahindrakar ]
 
Tony Stoyle
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for your replies.
From what you are saying, the Session object may be garbage collected with the user object still inside it, so it does not trigger the unbound method?
The first attempt I had at cracking this was checking for garbage collection but after inconclusive results and from what people had said on here it appeared that you can never guarantee when something will be garbage collected.
It would seem like HTTPSessionListener may be the best bet then?
Thanks again,
Tony
 
Tony Stoyle
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have looked at HttpSessionListener and this will not work for us either!!! Although you can keep a counter of active sessions, we need to know WHO has logged in and logged off, ie when they time out we need to know THAT USER has been timed out. The user information we keep in the session but I don't believe using this class will give me access to the session when it is destroyed??
 
Rahul Mahindrakar
Ranch Hand
Posts: 1871
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Oh the HttpSessionEvent does provide you with the session when the session is being destroyed.
Look at HttpSessionListener.sessionDestroyed(HttpSessionEvent se)
HttpSessionEvent.getSession()
 
Tony Stoyle
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Still no good, you need the 2.3 Servlet API which we got but apparantly you also need to use the 2.3 servlet DTD in your web.xml. We use Jrun 3.1 which I understand only supports the 2.2 DTD........
reply
    Bookmark Topic Watch Topic
  • New Topic