
Question on HttpSessionListener

 
Nimchi Yung
Ranch Hand
Posts: 71
My web application is using Container Managed Authentication.
Now a new requirement has come in: I have to check whether my webapp
is still within the license window.
I was thinking of using an HttpSessionListener so that when a new
session is created, the license check is performed.
In my Listener, I have something like:
    public void sessionCreated(HttpSessionEvent event)
    {
        System.out.println("new session created\n");
    }

    public void sessionDestroyed(HttpSessionEvent event)
    {
        System.out.println("session destroyed\n");
    }
When I logged in, I did not see the "new session created"
message. But when I logged out (using session.invalidate()),
then I saw the message "session destroyed" followed by
"new session created".
Why is that?
--Nimchi
 
Frank Carver
Sheriff
Posts: 6920
then I saw the message "session destroyed" followed by
"new session created".

This usually happens because the "log out" button performs its action then forwards (or redirects) to a JSP. Unless explicitly prevented, every JSP fetches or creates a session, so a new session is created immediately after the old one is destroyed.
The usual way round this is to have the "public" bits of the application, which are available to visitors who have not logged on, made out of static HTML files or non-sessional JSPs.
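
The logout flow described in the answer above, as an added example that is not part of the original thread: a logout servlet that invalidates the session without creating one, then redirects to a non-sessional JSP. The class name `LogoutServlet` and the path `/loggedout.jsp` are assumptions made for illustration.

```java
import java.io.IOException;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet (name and target path are assumptions).
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) returns null instead of creating a session,
        // so the logout request itself never fires sessionCreated().
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Fires sessionDestroyed() in the HttpSessionListener.
            session.invalidate();
        }

        // Redirect to a page that does not take part in session tracking.
        // For this to hold, /loggedout.jsp must begin with the directive:
        //
        //     <%@ page session="false" %>
        //
        // A JSP without that directive obtains a session implicitly, which is
        // what produces "new session created" right after "session destroyed".
        response.sendRedirect(request.getContextPath() + "/loggedout.jsp");
    }
}
```

With this in place, a listener that runs a check in sessionCreated() is only triggered by pages that actually use a session, not by the post-logout landing page.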
 