Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
833 views
in Technique[技术] by (71.8m points)

java - HttpSessionListener not detecting session timeout

I have an implementation of javax.servlet.http.HttpSessionListener that is supposed to detect user session invalidation/timeout in a Struts project.

The sessionDestroyed() never seems to be getting called, I can reproduce this by deleting my JSESSIONID and refreshing the page. I also find that leaving the browser open until the session times out has the same effect.

The site is running in JBoss 4.2.3.GA with Java 1.5.

I'm starting to suspect that HttpSessionListener does not do what I expect it to, am I missing something?

Edit :

My listener is registered in my web.xml as follows:

<listener>
    <listener-class>com.domain.web.listener.LogoutListener</listener-class>
</listener>
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The sessionDestroyed() method is not called until the web container expires the session. The server doesn't know you deleted the JSESSIONID cookie, your browser just looks like another new session.

From what I've seen with Tomcat, and I believe it's up to each web container implementation, session expirations happens every minute. So even after the session times out there could be a delay until the next detection of expirations.

It should definitely happen eventually though. Especially if you set the timeout to a minute and wait a few minutes. Note the timeout is specified in minutes, so one minute is the minimum to test with. I assume you have your listener registered in your web.xml file?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...