HttpSessionListener does not detect session timeout

Question

HttpSessionListener does not detect session timeout

I have an implementation of javax.servlet.http.HttpSessionListener that should detect the invalid / timeout of a user session in a Struts project.

SessionDestroyed () never seems to be called, I can reproduce this by deleting my JSESSIONID and refreshing the page. I also found that leaving the browser open until the session time had the same effect.

The site runs on JBoss 4.2.3.GA with Java 1.5.

Am I starting to suspect that the HttpSessionListener is not doing what I expect, am I missing something?

Edit:

My listener is registered in my web.xml as follows:

<listener> <listener-class>com.domain.web.listener.LogoutListener</listener-class> </listener>

+3

java java-ee session-timeout

seanhodges Mar 22 '11 at 11:04

source share

2 answers

you need to register the listener in web.xml under WEB-INF in your application. your listener's name

-2

xiaqingjue Jul 01 '11 at 6:37

source share

Whitefang34 · Accepted Answer · 2011-03-22T11:15:00+0000

The sessionDestroyed() method is not called until the web container expires. The server does not know that you deleted the JSESSIONID cookie, your browser just looks like a new session.

From what I saw with Tomcat, and I believe in every implementation of the web container, session exits happen every minute. Therefore, even after the end of the session, a delay may occur until the next expiration is detected.

Ultimately, this must happen. Especially if you set a timeout for a minute and wait a few minutes. Please note that the timeout is in minutes, so one minute is the minimum for testing. I assume your listener is registered in your web.xml ?

HttpSessionListener does not detect session timeout

More articles: