CODEWITHSUNDEEP
javahttpsession
Rafael Carrillo
Rafael Carrillo

Reputation: 2883

Get expiring from HttpSession object

I'm trying to catch the sessionDestroyed event from a HttpSessionListener in order to check if was triggered by a sessionTimeout.

While I'm debugging I can see an attribute named "expiring" that according to the documentation this attribute is used to internally skip some Exceptions.

expiring We are currently processing a session expiration, so bypass certain IllegalStateException tests. Source

The problem is , since this attribute is set to "protected" I'm not able to check if this event was effectively triggered by a session timeout.

I need to catch this session timeout event to save a record on database.

Can someone help me?

This is what I have so far:

public class AppHttpSessionListener implements HttpSessionListener {

    @Override
    public void sessionCreated(HttpSessionEvent se) {
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        LOG.log(Level.INFO, "DEBUG: SESION DESTRUIDA");
    }
    private static final Logger LOG = Logger.getLogger(AppHttpSessionListener.class.getName());

}

Upvotes: 2

Views: 1154

Answers (2)

fg78nc
fg78nc

Reputation: 5232

Maybe you can try to estimate it? 

@Override
    public void sessionDestroyed(HttpSessionEvent se) {

    HttpSession httpSession = se.getSession();

    long lastAccessedTime = httpSession.getLastAccessedTime();
    int maxInactiveTime = httpSession.getMaxInactiveInterval();

     if ((System.currentTimeMillis() - lastAccessedTime) >= (maxInactiveTime*1000) {
         LOG.log(Level.INFO, "DEBUG: SESION DESTRUIDA");
   }

Upvotes: 1

Akash
Akash

Reputation: 593

In the HTTP protocol, there is no explicit termination signal when a client is no longer active. This means that the only mechanism that can be used to indicate when a client is no longer active is a time out period.

The default time out period for sessions is defined by the servlet container and can be obtained via the getMaxInactiveInterval method of the HttpSession interface. This time out can be changed by the Developer using the setMaxInactiveInterval method of the HttpSession interface. The time out periods used by these methods are defined in seconds. By definition, if the time out period for a session is set to -1, the session will never expire. The session invalidation will not take effect until all servlets using that session have exited the service method. Once the session invalidation is initiated, a new request must not be able to see that session.

The getLastAccessedTime method of the HttpSession interface allows a servlet to determine the last time the session was accessed before the current request. The session is considered to be accessed when a request that is part of the session is first handled by the servlet container.

Upvotes: 0

Related Questions