Do HttpSessionListeners work at all times?

Question

I have a very basic question about using these Session Listeners in my tomcat web applet. I lack the basic understanding of how they operate. Do they operate at all times? Can they somehow detect when a user logs out without explicitly clicking a "log out" button which serves to invalidate his session? For example, this occurs when he is inactive for 30 minutes (by default). And how do they register when the user logs on? (This can only be done explicitly in my web app as an account is required to log on).

I am asking this because I want to implement some kind of an "online" list, similar to the one used by chat applications or social networking sites, which would be viewable by all users. The online user information would be stored in a database, if that is important.

Answer 1

If a new session is created, say request.getSession()/LogIn , the listener’s sessionCreated() is called. and If a session is destroyed, like session’s timeout/session.invalidate()/Logout, sessionDestroyed() will be called. (I.e. How it works on a broader view)

Answer 2

It's not a "web applet".

HttpSessionListener only responds to 2 events. Creating and destroying a session. The first one is obviously called if you manually or automatically create a session, and the second one is called if you either manually destroy the session, or if it times out. There's no way of knowing whether a user has "logged out" if he doesn't actively press a log out button (he could have closed his computer for all we know).

So basically it depends on the session timeout how accurately you can display online users.