Not a ServletContextListener. That one fires events when the app is being deployed, before servicing any requests. And, sessions are created automatically and you may not want the user to log in immediately. That leaves HttpSessionAttributeListener and ServletContextAttributeListener.
Note that using the ServletContext for logging seems like a terrible idea, but you can make it work.
if the question asks to select one: i'll go for HttpSessionListener. the user name can be logged in the listener's sessionCreated().
if it asks to select 2 then i'll go for HttpSessionListener and HttpSessionAttributeListener. the first one logs all the user logged in. the 2nd one can be used to log the user for his entire session period.
Answer is HttpSessionAttributeListener , I went for HttpSessionListener
Book has following explanation
-Option A is incorrect because the user name would not be
known when the session is initially created. Since logging is
desired at the time of the login, the listener’s invalidation
and timeout methods would not be helpful.
-Options B and D are incorrect
because these listeners are used for
I didn't understand why A is not a correct option , session will be created when the user first logged in .HttpSessionListener seems to be correct choice.