This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Help on HttpSessionListener  RSS feed

 
Brian Quinn
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a class that implements HttpSessionListener and Filter. All it is used for is to check if the session is still active when a request is made. For some reason, the first time I boot the app, the listener catches a session destroyed event, even though all I did was call a servlet that has request.getSession() in it. Any ideas why the Listener thinks a session is destroyed ?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a class that implements HttpSessionListener and Filter.

Why?

The two concepts seem to be mutually exclusive to me. Do you have any reason to combine the two?
[ January 26, 2005: Message edited by: Ben Souther ]
 
Brian Quinn
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


The filter idea was to respond to any requests so the app knew the listener had flipped the flag telling me the app session died. My problem is now that if user 1 has session die, but doesn't click anywhere, user 2's session will start dead. Any ideas how I can handle this ?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would start by separating the two.

Create a filter class and a listener class.
Also the use of this instance variable is not thread safe:
boolean isDestroyed = false;
 
Brian Quinn
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ben
Is there a better way to track session timeout ? The idea is that if a user clicks on a page and the session is dead - go back to the main page. We thought this was the best solution, but since the listener is only instantiated once, if a session times out for any user, it times out for all users - which is not correct. Is there a better way to implement this solution ?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is how I'm doing it:
I'm using programatic security instead of the declarative options available with Tomcat and/or other servers.

When a user logs in, I get some of their user information from the database and put it in a bean (called userBean) and bind that to the user's session.

All the other pages go through a filter that makes sure that a userBean exists in this user's session. If it's missing (null), I forward the user to the login page. Otherwise, the request continues to it's intended destination.
[ January 27, 2005: Message edited by: Ben Souther ]
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ben Souther:
This is how I'm doing it:
I'm using programatic security instead of the declarative options available with Tomcat and/or other servers.

When a user logs in, I get some of their user information from the database and put it in a bean (called userBean) and bind that to the user's session.

All the other pages go through a filter that makes sure that a userBean exists in this user's session. If it's missing (null), I forward the user to the login page. Otherwise, the request continues to it's intended destination.


Same here.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!