posted 19 years ago
Hi,
First of all, either way it is the same thing whether a session was created new or a session was re-created due to expiry. There is probably no way to know this just by using any availble API's. If is it necessary for you to know this, then probably the following workarounds might be tried.
1. Use cookies and store the login time of the user. Keep the cookie expiry time to 2 or 3 times the session timeout interval. And when the session is recreated, the cookie can be checked to see if the user was logged in some time before. But I must warn here that, the session might not have expired. the user could have deliberately closed the session and trying to log in again.
2. You can also keep a flag in a database or flat file (if no. of users are not more) for each user in addition to above setting. The flag would be set for the user if the session for the user was expired. So, either by combining this two strategies or by storing the last login time of the user in the database itself along with the flag you can check whether the session is new (first time created) or was recreated because of session timeout. You can use the sessionDestroyed method of javax.servlet.http.HttpSessionListener interface to track the session expiry time and flag.
Ritesh<br /> <br />SCJP 1.4<br />IBM Test 340<br />IBM AIX V4.0 Certified Professional<br /> <br />Right actions for the future are the best apologies for wrong ones in the past.<br />- Tyron Edwards