All geek questions in one place

HttpSessionListener - Will the sessionDestroyed method be called at a session timeout?

I have an implementation of HttpSessionListener where the "blocked" resources in the application are freed using the sessionDestroyed method.

Information about the lock is stored in the database, and in most cases the release of locks works fine. But in some cases, I still see that the resource is locked - even if the session is active!

So, I doubt that there is a chance that sessionDestroyed will not be called? Suppose session timeout - is the sessionDestroyed method sessionDestroyed ?

Suppose a user closes a browser tab without logging out (destroying a session). Then will the listener be called?

Thanks in advance!

+6
source share
2 answers

The servlet engine will handle session timeouts. He will determine when the session is no longer valid, and he will call sessionDestroyed . (this can happen some time after the user closes the browser).

Some other points:

Logging

Perhaps you can add some entries to the sessionCreated and sessionDestroyed methods. for every session you create, you must have sessionDestroyed.

Excepion Processing

Perhaps the fact that the material remains blocked is not due to the fact that the session is not destroyed, but, perhaps, due to an error in your sessionDestroyed logic. Do you have sufficient handling / registration of exceptions?

Timing

Do you wait long enough to check for blocked resources? (close all clients and consider the session timeout value configured on the application / server). As mentioned earlier, the server cannot detect the user closing the browser, but he retains his list of http-sessions, and he will destroy them after a timeout.

+2
source

So, I doubt that there is a chance that sessionDestroyed will not be called? Suppose if a session is disconnected, will the sessionDestroyed method be called?

Yes. A session is destroyed when it expires, or someone expires it programmatically (via HttpSession.invalidate() ).

Suppose a user closes a browser tab without logging out (destroying a session). Then will the listener be called?

No, because the session is still valid. If the specified user opens the website again, his session will continue to be valid.

From the HttpSession javadoc :

Notifications are sent after the completion of binding procedures. For sessions that are invalid or expire, notifications are sent after the session has been declared invalid or expired.

+1
source

Source: https://habr.com/ru/post/891204/

More articles:


All Articles