Detecting Session Expiration

[The Barge]

Im trying to find a way to detect when a session expires. The obvious way
is to use the HttpSessionListener and it's sessionDestroyed method. The
problem is - you cant access the session data because when this method is
called the session has already expired (per the servlet 2.3 specs).

Is there a way to create a listener thats called PRIOR to the session
termination? I have code that adds a session attribute when a user logs in
(i.e. a user ID). I'd like to run some java code to call a logout type
method when the session expires (if someone closes a window rather than
clicking "logout"). But I need to be able to run a session.getAttribute to
pull the user ID information.

Is there a way to implement this using web.xml? I've done some research
and apparently you can use a HttpSessionBindingListener.. but the problem
with this is that it has to be added to every session. I'd like to find a
solution like the HttpSessionListener that uses an entry in the web.xml
file.

Is there any way to do this similar to the HttpSessionListener thats called
prior to the session termination so I can still read the session
attributes? BTW - My app is using the latest version of Jetty.

Thanks,

The Barge

 

[Murray]

Im trying to find a way to detect when a session expires. The obvious way
is to use the HttpSessionListener and it's sessionDestroyed method. The
problem is - you cant access the session data because when this method is
called the session has already expired (per the servlet 2.3 specs).

Is there a way to create a listener thats called PRIOR to the session
termination? I have code that adds a session attribute when a user logs in
(i.e. a user ID). I'd like to run some java code to call a logout type
method when the session expires (if someone closes a window rather than
clicking "logout"). But I need to be able to run a session.getAttribute to
pull the user ID information.

Is there a way to implement this using web.xml? I've done some research
and apparently you can use a HttpSessionBindingListener.. but the problem
with this is that it has to be added to every session. I'd like to find a
solution like the HttpSessionListener that uses an entry in the web.xml
file.

Is there any way to do this similar to the HttpSessionListener thats called
prior to the session termination so I can still read the session
attributes? BTW - My app is using the latest version of Jetty.

Thanks,

The Barge

Have you actually tried using HttpSessionListener#sessionDestroyed() ?
Although the Session will no longer be valid from the container's point of
view, you should still be able to access the actual HttpSession object via
the HttpSessionEvent that is passed to the method.

 

[Murray]

I have tried this in the past, and maddeningly I couldn't actually get the
object, just the id. As has been said, the session has expired.

Probably won't help you, but the following code works fine with Apache
Tomcat (i.e. the username is printed, hence I'm able to get attributes from
the session that just expired). Which appserver are you using?

public class MySessionListener implements HttpSessionListener {

public void sessionCreated(HttpSessionEvent sessionEvent) {
// do nothing
}

public void sessionDestroyed(HttpSessionEvent sessionEvent) {
User user = (User)
sessionEvent.getSession().getAttribute("loginUser");
if (user != null) {
System.out.println("User " + user.getUserName() + " logged or
timed out");
}
}
}

 

[Murray]

public class MySessionListener implements HttpSessionListener {

public void sessionCreated(HttpSessionEvent sessionEvent) {
// do nothing
}

public void sessionDestroyed(HttpSessionEvent sessionEvent) {
User user = (User)
sessionEvent.getSession().getAttribute("loginUser");
if (user != null) {
System.out.println("User " + user.getUserName() + " logged or
timed out");
}
}
}

Grr @ line-wrapping >:-|

 

[VisionSet]

Have you actually tried using HttpSessionListener#sessionDestroyed() ?
Although the Session will no longer be valid from the container's point of
view, you should still be able to access the actual HttpSession object via
the HttpSessionEvent that is passed to the method.

I have tried this in the past, and maddeningly I couldn't actually get the
object, just the id. As has been said, the session has expired.

 

[Cid]

As of the 2.4 servlet spec sessionDestroyed is called just prior to
invalidation of the session. Is that version an option or are you
stuck with 2.3?

 

[The Barge]

As of the 2.4 servlet spec sessionDestroyed is called just prior to
invalidation of the session. Is that version an option or are you
stuck with 2.3?

Im using Jetty 4.2 so Im not sure what version of the servlet spec that it
supports. I tried using the sessionDestroyed() method with the doctype in
web.xml set to 2.3 and I get an IllegalStateException when trying to access
the session using getAttribute(). I'll try setting the doctype to 2.4 and
see if that helps.

Thanks

 

[mgungora]

Im trying to find a way to detect when a session expires. The obvious way
is to use the HttpSessionListener and it's sessionDestroyed method. The
problem is - you cant access the session data because when this method is
called the session has already expired (per the servlet 2.3 specs).

Is there a way to create a listener thats called PRIOR to the session
termination? I have code that adds a session attribute when a user logs in
(i.e. a user ID). I'd like to run some java code to call a logout type
method when the session expires (if someone closes a window rather than
clicking "logout"). But I need to be able to run a session.getAttribute to
pull the user ID information.

Is there a way to implement this using web.xml? I've done some research
and apparently you can use a HttpSessionBindingListener.. but the problem
with this is that it has to be added to every session. I'd like to find a
solution like the HttpSessionListener that uses an entry in the web.xml
file.

Is there any way to do this similar to the HttpSessionListener thats called
prior to the session termination so I can still read the session
attributes? BTW - My app is using the latest version of Jetty.

Thanks,

The Barge

If you need to access to a specific object saved in the session before
the object is removed when the session expires, you can implement the
HttpSessionBindingListener in that specific object. The valueUnbound
method will be called before the container removes that object from
the session. Of course, I guess, there is no guarantee that any other
session object will be around at that point in time.

-murat

 

[The Barge]

If you need to access to a specific object saved in the session before

the object is removed when the session expires, you can implement the
HttpSessionBindingListener in that specific object. The valueUnbound
method will be called before the container removes that object from
the session. Of course, I guess, there is no guarantee that any other
session object will be around at that point in time.

-murat

Yeah I thought about using HttpSessionBindingListener but the problem with
that is that I have to create a new instance of the object and store it (as
an attribute I assume) to everyones session.

But - I'll see if I can get that to work.