Session expire problem with HttpSessionListener

My objective is when session is Expire i want to display message session is expire...I am using HttpSessionListener....

public class SessionListen implements HttpSessionListener { private int sessionCount; public SessionListen() { this.sessionCount = 0; } public void sessionCreated(HttpSessionEvent se) { HttpSession session = se.getSession(); session.setMaxInactiveInterval(30); synchronized (this) { sessionCount++; } String id = session.getId(); Integer cnt=new Integer(sessionCount); session.setAttribute("count",cnt); session.setAttribute("id",id); } public void sessionDestroyed(HttpSessionEvent se) { HttpSession session = se.getSession(); String id = session.getId(); Integer cnt=new Integer(sessionCount); session.setAttribute("count",cnt); session.setAttribute("id",id); synchronized (this) { --sessionCount; } } }

Now in Servlet file......


public class HelloWorld extends HttpServlet { PrintWriter out=null; public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { response.setContentType("text/html"); HttpSession session=request.getSession(); String id=(String)session.getAttribute("id"); Integer cnt=(Integer)session.getAttribute("count"); out=response.getWriter(); if(cnt==1) { out.println(" The value of session id is : " + id); out.println(" The value of session id is : " + cnt.intValue()); } else { out.println(" session is expire : " + cnt.intValue()); } } } PROBLEM IS THAT Every time its check ONLY for IF condition.....its not going in ELSE PART....
means if session is destroy and user click on html page so request redirect to servlet...and it will again Create a NEW session....
SO ANY WAY TO CHECK the session is expire or not???

Please UseCodeTags when posting code or configuration. Unformatted code and configuration is unnecessarily difficult to read. You can edit your post by using the button.

You will get the call to sessionDestroyed in a Thread that is completely independent of any request thread. You could keep a list of session ids as they are destroyed, but what would you do with it?

In the request Thread you can determine if a session is new and thats about it.


Bill

when session is destroyed ..the session destroyed method is called i simply decrement the Integer variable and when session is created i just Increment the variable.. then set the session variable with that value...and in servlet file i simply get the variable value.........

the Problem is that...I always get same value...session destroyee method is called...but when USER click on JSP file ....it will create a new Session because session is destroyed...

So please tell me any Solution...

dashang trivedi wrote:the Problem is that... when USER click on JSP file ....it will create a new Session...

So please tell me any Solution...

This is the real problem, isn't it? There's no session at this point in time. But you want to tell the user that the previous session timed out. Therefore... you can't store that information in the session, because it won't be available. You will have to store it somewhere else.

So sir...where to store ...how i display the message your session is expire.......

If you have some database with entries for each user, you could record the last time they got a session and the time the session expired.

There are simple databases you could keep in memory if the number of users is not huge.

Do you currently track users beyond a single session/

Bill

What if we have a token generated and sent back to the user when the session was first created, so that with each of the subsequent requests we will be getting the token. (say all your links displayed in the page will have an additional parameter for the token, just on similar lines to encodeURL)

Have a servlet filter in in place which will read the token
1. If no token is existing then it may be the first request, forward to login page
2. If there is a token present and no session associated then forward to the error page you require, else let the request go through.


Another alternative is not to allow direct access to jsp from the front end but all links will be sending request to a controller (a Front Controller) which would do these checks before forwarding to the required jsp.

My objective is when session is Expire i want to display message session is expire...

I am trying for token but its every time create a new token....

if you have code that run perfect than PLEASE out the code here....its help community a lot...

It is fine even if you create a new token for each request, it is also helpful for detecting duplicate submissions of form. How come you are not able to detect from the tokens that the session which has generated this token has expired?

Why don't you post your code with the token logic?

Cookie Token is same as i create a Session id....
main problem is that when session is expire than its create a new session....Check the If condition....Its session default behavior..
we cant change it....So now question is how we set the logic that its go in ELSE part...which session destroy condition......
in that condition i display message SESSION is EXPIRE........think it....

# public void doGet(HttpServletRequest request, HttpServletResponse response) # throws IOException, ServletException # { # response.setContentType("text/html"); # HttpSession session=request.getSession(); # # String id=(String)session.getAttribute("id"); # Integer cnt=(Integer)session.getAttribute("count"); # out=response.getWriter(); # # if(cnt==1) # { # out.println(" The value of session id is : " + id); # out.println(" The value of session id is : " + cnt.intValue()); # } # else # { # out.println(" session is expire : " + cnt.intValue()); # } # # }

Please read my previous post again, apart from storing a token in session you need to get it back from the client (browser) every time. The token will not be a simple number like count attribute in your case. You may have the token as say the the value returned by System.currentTimeMillis().
When sending back the response back to the client store this token value in it as a parameter for each link you display on your page and also store the token in your session.

When you are getting a request which has a token associated with it but no session associated with the request on the server, you may say that the page was served when the session was active and hence show the message "Session already invalidated"

For your purpose you may just generate the token at the beginning of the session and not for each requests.
Generating a new token for each request is useful when you need to prevent duplicate submission of the form.

What about this? This uses a cookie called "token" to store the session ID. If the cookie doesn't match the session ID, it means the user's previous session timed out. Of course, this only works if the client supports cookies...

public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{ HttpSession session = request.getSession(); if (session.isNew()){ //find the "token" cookie Cookie token; Cookies cookies[] = request.getCookies(); for (Cookie c : cookies){ if (c.getName().equals("token")){ token = c; break; } } if (token == null){ //user is accessing site for the first time, so create the cookie token = new Cookie("token", session.getId()); cookie.setMaxAge(-1); response.addCookie(cookie); } else { //user has accessed page before if (!token.getValue().equals(session.getId()){ //display "session timed out" //delete the cookie (is this how you do that?) token.setMaxAge(0); response.addCookie(token); } else { //display page normally } } } }
Your code is just counting the number of active sessions...this doesn't help to tell whether a session has timed out.

Amol's solution is better because it doesn't require cookies, but you'd have to add an extra parameter to every single link which is tedious.

Thank-you Michael....your Logic is great.....
yes now i understand i m just counting....the active session....i m just confuse with how previous session is store....
great solution .... i think this help a community a lot....

i am just confusing with your statement...
why you say that Amol's solution is better because it doesn't require cookies....
is it possible without cookies???

thank-you....

dashang trivedi wrote:
why you say that Amol's solution is better because it doesn't require cookies....
is it possible without cookies???

That's just one possible solution I thought up...not sure how else you'd do this. It seems like a common problem though, so there must be a solution somewhere..