Interceptors are too late. If you are not going to use Spring Security which will do this for you, then you will need to write a Servlet filter. I suggest removing Spring from the question in that case and posting in our Servlet forum. Depending on what you are tring to do you may just need to register an HttpSessionListener in your web.xml
Well I am not certain something else will not create a new session if it does not exist before you get to your HandlerInterceptor, that depends on your set-up. but theoretically you could do some action if there were no Session using a handler intercepter:
You still have not explained what you are trying to accomplish. If you need to know when a Session expires to perform some action then you must implement HttpSessionListener and handle the sessionDestroyed event there. This listener must then be also registered in your web.xml.
However if you just want new requests that come in to react in some fashion if a Session does not exist then a filter (possibly a HanderIntercepter depending on your requirements) is more appropriate. You need to give a better explanation of what you are trying to accomplish.
Well that was kind of my concern with an interceptor instead of a filter. Something before your controller could be creating it. You have a few choices:
1. do it in a filter
2. instead of just null checking also check for the presence of your log in credentials
If that does not work then your session is not getting destroyed. You could register a HttpSessionListener in that case and see if the sessionDestroyed event is ever invoked. If not you have an issue there, that has nothing to do with Spring and would be better posted in one of our other forums (which one depends on the container you are using).