• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to catch when the Session times out in Tomcat

 
Adena Galinsky
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In order to ensure the only each user only has one session open at a time, we're doing the following:
1. When the user tries to log in, we check to see if the user's id is in the active_session table in our database. If it is not, the user is allowed to log in. If it is, the user is prohibited from logging in.
2. When the user logs in, the user's id is put in the active_session table in our database.
3. When the user logs out, the user's id is removed from the active_session table in our database.
My question is, how can we know to update the active_session table (i.e., remove the user id) when the user's session times out? I did not see any documentation of this in the Servlet spec, or in Tomcat's docs.
Thanks for any help,
Adena
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13071
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What you are looking for is in the javax.servlet.http package, the HttpSessionBindingListener interface.
Just add an object implementing this interface to each session, when the session times out, or is invalidated directly, the object gets a call to the method:
public void valueUnbound( HttpSessionBindingEvent e)
where the event includes a reference to the session being destroyed.
Bill
------------------
author of:
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic