• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session timeouts and listeners....

 
Manish Hatwalne
Ranch Hand
Posts: 2595
Android Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a way for me to determine if the session is about to be destroyed due to timeout instead of being invalidated. I have looked into listeners, but none seems to be useful for my purpose.

I need to record time for which user was online when he logs out. When user logs out properly, this is pretty straight-forward. However, when session is timed out, I need to know about it. I have tried things with HttpSessionBindingListener and HttpSessionAttributeListener, however when I try to get session data (like session creation time and last access time. I also need to subtract inactive interval in case of timeouts to get accurate user online time. This suntraction is not needed for regular log-out.) when I receive events, the session is already invalidated by then.

How can I do this?

TIA,
- Manish
 
Bruce Jin
Ranch Hand
Posts: 672
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think HttpSessionBindingListener should serve your purpose. Have a class implement HttpSessionBindingListener. When the session starts/expires, valueBound/valueUnbound method of this interface will be called.
 
Manish Hatwalne
Ranch Hand
Posts: 2595
Android Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Like i mentioned, at that point I do not have access to sesion data because session is already invalidated so how would I compute session creation time and sesssion last accessed time? Besides these events will be called even on normal log-outs, so how do I distinguish between normal logout and session timeout in this case?

- Manish
 
Ralph Ma
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think HttpSessionListener may meet your requirement. When the session is going to invalidate the sessionDestroyed(HttpSessionEvent se) method will be called by the container, and from the HttpSessionEvent you can get user's session.
 
Manish Hatwalne
Ranch Hand
Posts: 2595
Android Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The "sessionDestroyed" method is called after the session has been destroyed, at which point it is of no use.

See now the only issue is "accuracy of timestamps" in case of normal log-outs and session timeouts (I have got rest working with HttpSessionAttributeListener). For now it looks like I'll have to live with that limitation. If you guys have any other idea, do let me know.

TIA,
- Manish
 
Ronald Heukers
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Manish,

You are confusing me.
According to the J2EE api sessionDestroyed(HttpSessionEvent se)is a notification that a session is about to be invalidated. In my opinion the session is still there and will be destroyed after completing this method.

Regards,

Ronald
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From:
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.html


sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session is about to be invalidated.

Parameters:
se - the notification event

 
Manish Hatwalne
Ranch Hand
Posts: 2595
Android Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Huh??? I referred to this (google shows is as first link for HttpSessionListener) -
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpSessionListener.html

It says -


sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session was invalidated.

Parameters:
se - the notification event


Besides the name suggests same and I found same in book SCWCD Exam Study Kit as well.
This book suggests same as well, with so much evidence, I didn't experiment with this.

void sessionDestroyed(HttpSessionEvent evt): The method invoked when a session is destroyed by the container. This method will be invoked when a unique client's session times out�that is, after they fail to revisit the Web site for a given period of time, usually 15 minutes.


Now let me see for myself...however from my expts with other two listeners I have seen that you don't get much time to get the session data even when it is "being" invalidated/destroyed.

rgds,
- Manish
[ August 18, 2005: Message edited by: Manish Hatwalne ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Looks like a change in the spec.
You posted the API for 1.3.
I posted the API for 1.4.
What servlet spec are you writing for?
[ August 18, 2005: Message edited by: Ben Souther ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One approach that should work either way would be to work with an object other than the session itself. Create a userBean that gets bound to session scope when the user logs in. At the same time, bind it to a context scope map of your own. You could put things like the login time and last accessed time in the userBean's properties.

If the user explicitly logs out, you could record that before your code invalidates the session. You could then use the sessionListener to inform you when a session times out. If you use the sessionID as the key to your own map, you will be able to match the object in your map to the session that it belonged to. This way, even after the session has been invalidated, you will still have a reference to the object that holds the data that you need.

I have a demo app that uses this technique to do something slightly different from what you're doing (Mine just builds a screen that shows who's logged in, and when their session is due to expire). If any of that code is useful to you, feel free to use it.
http://simple.souther.us/not-so-simple.htm
Look for SessionMonitor.
[ August 18, 2005: Message edited by: Ben Souther ]
 
Bruce Jin
Ranch Hand
Posts: 672
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Depend on what you are trying to accomplish HttpSessionBindingListener is usually the one used to track user activities.
You don�t have access to session object when valueUnboud is called but you get notified in the object that implements HttpSessionBindingListener. User activities are recorded inside this class object that implements HttpSessionBindingListener.
 
Manish Hatwalne
Ranch Hand
Posts: 2595
Android Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I did run few experiments on my Tomcat 5.0.28 and it looks like SessionListener will solve the purpose. Its frustrating -- didn't know that specs changed and all my so called reliable sources (including rabk 1 googr link) confirmed what I beleived!!!

Anyway, thank you guys!!! My problem should be solved now!!!

rgds,
- Manish
[ August 18, 2005: Message edited by: Manish Hatwalne ]
 
Manish Hatwalne
Ranch Hand
Posts: 2595
Android Firefox Browser Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, container docs say it should be possible that way --
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/servletapi/javax/servlet/http/HttpSessionListener.html

- Manish
 
Srivatsa Katta
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Guys i have some clarification with the same sessionDestroyed() method.

Here is what Servlet 2.3 Spec says about that method

sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session was invalidated.

Parameters:
se - the notification event


and Servlet 2.4 Spec says


sessionDestroyed

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session is about to be invalidated.

Parameters:
se - the notification event


I am using Servlet 2.3 in my applicaiton, and according to my understanding, whenever session gets invalidated (by calling method session.invalidate() ), the listener method sessionDestroyed() will be called. And in the spec its given that it will be called after session is invalidated, so in sessionDestroyed() method, if we get the session from HttpSessionEvent, it shouldnt have any attributes i have set it before.

But the thing is i am able to retrieve all the attributes i have set to the session in the method sessionDestroyed() .. i am not getting how !! if its works like this in Servlet 2.4 fine but how is it happening with servlet 2.3

Can any one plese explain me ..

-Tripter
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tripter ,
That is strange. Which container are you using?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64994
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"tripter",

There aren't many rules that you need to worry about here on the Ranch, but one that we take very seriously regards the use of proper names. Please take a look at the JavaRanch Naming Policy and adjust your display name to match it.

In particular, your display name must be a first and a last name separated by a space character, and must not be obviously fictitious.

Thanks!
bear
Forum Bartender
 
Srivatsa Katta
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Bear,

I have changed my display name as per ur policy..

Thanks
-Tripter
 
Srivatsa Katta
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Pradip,

I am using WebSphere 5.0

Plz some one help me out of this!!

-Tripter
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic