Session Listener

Similar Messages

• How to implement session listener in RM

  Hi,
  In my repository manager, a connection to another system is established when a user tries to access the repository. Is there any way to implement a session listener, thereby terminating the sessions to another system when the EP user logs off?
  In our words, in Repository Manager, how can I know when an EP user clicks Log off?
  Thanks,
  Ray

  Or, how can I know when a user logs off EP in my repository manager?

• Get Http Request in Session Listener?

  Is it possible get Http Request in Session Listener when session is created? I need to get cookies when session is created.
  anyone knows?

  No, it is not possible.

• Servlet session listener

  Hello Forum members,
  I want to delete a directory on my server after the session has expired. The session has the directory path that I want to delete. <listener>/<listener-class> in web.xml listens for the session expiry. I implemented the following code (session listener) to do the job. This works fine when I deploy on Weblogic App server but does'nt work if I delpoy it on to TOMCAT.
  What I am doing is getting the path of the directory from the session using session listener sessionDestroyed(HttpSessionEvent se)
  once the session has expired and delete it. Is this the right of doing this or is there any other method that I can use?
  public void sessionDestroyed(HttpSessionEvent se) {
            HttpSession session;
            File path;
       System.out.println("enter the sessionDestroyed method");
            try{
       session = se.getSession();
                 if ( session != null ){
  if ( (String)session.getAttribute( FILES_DOWNLOAD_PATH_ATTRIBUTE) != null ){
                      path = new File((String)session.getAttribute( FILES_DOWNLOAD_PATH_ATTRIBUTE));
                      FileUtils.deleteFilesInThisDirectory(path);
                      FileUtils.deleteDirectory(path);
            }catch(Exception exception){
                 System.out.println("some problem in DeleteOnExit.sessionDestroyed() " + exception.toString());
  System.out.println("exit the sessionDestroyed method");

  Hello Forum members,
  I want to delete a directory on my server after the session has expired. The session has the directory path that I want to delete. <listener>/<listener-class> in web.xml listens for the session expiry. I implemented the following code (session listener) to do the job. This works fine when I deploy on Weblogic App server but does'nt work if I delpoy it on to TOMCAT.
  What I am doing is getting the path of the directory from the session using session listener sessionDestroyed(HttpSessionEvent se)
  once the session has expired and delete it. Is this the right way of doing this or is there any other method that I can use? Any help will be appreciated!!
  public void sessionDestroyed(HttpSessionEvent se) {
  HttpSession session;
  File path;
  System.out.println("enter the sessionDestroyed method");
  try{
  session = se.getSession();
  if ( session != null ){
  if ( (String)session.getAttribute( FILES_DOWNLOAD_PATH_ATTRIBUTE) != null ){
  path = new File((String)session.getAttribute( FILES_DOWNLOAD_PATH_ATTRIBUTE));
  FileUtils.deleteFilesInThisDirectory(path);
  FileUtils.deleteDirectory(path);
  }catch(Exception exception){
  System.out.println("some problem in DeleteOnExit.sessionDestroyed() " + exception.toString());
  System.out.println("exit the sessionDestroyed method");
  Thanks

• Session listener runs twice

  Hi!
  I have a session listener object in a Tomcat 5.0.19 container, which has the following simple method:
  public void sessionDestroyed(HttpSessionEvent e) {
  System.out.print("Session destroyed: ");
  System.out.println(e.getSession().getId());
  My problem is, that this method is called two times after every session is destroyed. The other, sessionCreated() method runs only one time.
  Can anybody help me?
  Thank you in advance!
  Tomasits �kos.

  For any Tomcat related questions/bugs, please use one of the following options:
  - File a bug at http://nagoya.apache.org/bugzilla/
  - Send email to [email protected]
  - Send email to [email protected]
  Thanks!
  Jan

• How to invalidate a session based on the session id

  How to invalidate a session based on the session id

  You have to write your own support for this.
  It used to be in the API, but was deprecated as a security hole.
  The best way to do it is implement a session listener (javax.servlet.http.HttpSessionListener) which notifies you when sessions are created/destroyed.
  You can then keep a map of sessions in your own code, indexed by session Id, and access any/all of them to invalidate as you choose.

• How do I close a connection when the session ends?

  I have a website that is using JavaMail to display a user's mail through the browser. I'd like to keep the connection to the mail server open during the whole session that the user is logged in, in order to improve response time. The problem is, I can't detect if a user closes their browser so that I can close the connection to the server.
  Is there a way for me to close the mail server connection when the session ends?
  Thanks.

  Create session listener, Impliment sessionDestryoyed
  method with your connection close statements.I was wondering how to use the listener for a Servlet as well, what would you type in that method to close the connection?.
  public class ServletListener
       implements
            ServletContextListener,
            ServletContextAttributeListener,
            HttpSessionListener,
            HttpSessionAttributeListener
  public void sessionDestroyed(HttpSessionEvent arg0)
            //System.out.println( arg0 );
  }

• Httprequest.getSession(false) creating a NEW Session

  I am working on a web application which uses STRUTS. All the client requests are directed to loginaction class.
  Any resource in the application, is accessed thru the action class.
  Overview: In the action class, i am checking if there is any session associated with the new user using
  session = request.getSession(false);
                    if (session != null) {
        if (session.isNew()) {
        logger.info("New Session Created [" + session.getId() + "]");
        } else {
        logger.info("Session EXIST'S ["+ session.getId()
       + "], Retreiving user from session");
                     }According to the Servlets 2.2 API:
  public HttpSession getSession(boolean create) Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
  If create is false and the request has no valid HttpSession, this method returns null.
  if (session.isNew()) ,
  this if statement should return false and be skipped, as session = request.getSession(false);wont create a new session. When i parse the logs, I see the log statement, "New Session Created ". Which makes me wonder, that a new session is being created
  Problem: When i debug, i see that container is creating a new session if the session doesnt exist. According to API mentioned above, it should not create a new session. It should return null.
  Did anyone had a similar issue? While researching i found this article that using struts, the container creates a default session.
  I found this article: http://www.theserverside.com/discussions/thread.tss?thread_id=21643
  Environment: IDE:WSAD5.1, Appserver:Websphere, Browser:IE 6.0, Struts, JSP, JSTL

  Hi,
  We have two appliactions. Our application say B is uses authentication mechanism provided by say A.
  So the user, is presented a login page by application A. Once they are authenticated, without the knowledge of user, its being forwarded to our application say B.
  Once he is in our application, he can navigate in our application, say,
  he goes from page1 to page2. page1 is the main page. Now browser caching is enabled. When he hits the back button to access page1, browser is sending a new request to our applicaiton insted of furnising form local cache( this is another issue). Even though a new request is sent, all the requests are routed thru a struts controller action class. Now in the action class, we check if its a new session or not.
  request.getSession(false). Since the user is an old user, it shouldnt create any new session.
  As per your suggestion, where should i put the directive in the jsp to not to create a default session?. In page1 which is the main page?.
  How should i implemnt the session listener interface. Do u have any templates or code snippets?.
  Any suggestions?

• Getting all session and info about each session

  I want the functionality of HttpSessionContext, but unfortunately, it is deprecated. Specificially, I want to be able to get a Collection of all of the existing HttpSessions so I can loop through them and call the getAttribute(String) and getLastAccessedTime() methods on each HttpSession. The ultimate goal would be to print out a list of all existing sessions, when their were last accessed and print the value of any session attributes that I choose. Is there a way to do this?

  The session listener is available to you in j2ee containers 1.4 and above. It will tell you when a session is created or destroyed. As far as getting you hands on all the sessions there is no j2ee spec defined to give you this. However if you are lucky, the application server's vendor may provide the api to do exactly what you want.

• Trapping the session timeouts in the browser.

  Hi
  I have a web application that sets timeouts on httpsessions. I need to trap the session timeout and bring a popup window to warn the user and continue to work if user wants to continue. How can I achieve this ?
  Thanks

  That works only on the server side. I need to trap it in the browser, for server there is no way to contact the client after trapping the session timeout.
  You can use Session listener to trap the session time
  out
  http://www.google.com/search?sourceid=gmail&q=Session%
  20Listener

• Session issues. (IE7)

  Hi all,
  I got two bothering questions and I hope someone knows the answer(s):
  1. I implemented session listener and when I close the browser the destroy method not invoke, what can be wrong?
  2. When I open new tabs in IE7 the session is duplicated instead of display me the login page, how can I handle it?
  Thanks in advance to all,
  Sasi

  The sessions are server side objects, managed using Clientside cookies, using host addresses or URLrewriting (two as backups).
  The client closing the browser does not signal the server. An onUnLoad() method can be writen in javascript to do this but will almost certainly be unnessesary. The session will timeout by default.
  The session API will not be able to distinguish between 2 different tabs as both access the same cookies and request from the same IP:port address. Sessions are there to recognise client session, not necessarily user sessions, having 2 users logged in using the same browser must be idiosyncratic to your problem, this is undesirable to the majority of serverside apps.
  (Just as a beside, the session is not duplicated, the same session object is returned by both invokations of the doGet/Post method).

• End of session operations

  Hi
  I have this problem with Tomcat 6.0:
  I have a bean in session scope that is responsible for executing some MySQL operations (creating tables, inserting rows, deleting...etc). All these operations are temporary and the tables created by the this bean have to be deleted when the session is invalidated. I added these two methods to my bean:
  public class ResultsBean implements Serializable, HttpSessionBindingListener
    /* Bind / Unbind operations */
    public void valueBound(HttpSessionBindingEvent event)
      //System.out.println("resultsBean was loaded!");
      this.sessionID = event.getSession().getId();
      init();
    public void valueUnbound(HttpSessionBindingEvent event)
      //System.out.println("resultsBean was unloaded!");
      finish();
  }finish(), cleans up the tables the bean has created during the session.
  The problem is that i would always have leftovers in MySQL from past sessions (not all but some). I know that the problem is somewhere with the invalidation process because looking into the logs I cannot see any attempts to cleanup the database for the sessions that left the mess.
  My webapp web.xml is configured with 2 minutes timeout.
  How can I initiate a proper cleanup process whenever a session is invalidated?
  Is it possible to make a background process in Tomcat similar to Java's garbage collector?
  Thanks!

  That's what I was missing I didn't know the web.xml had a <listener> tag.
  SessionCleaner.java:
  package listeners;
  import javax.servlet.http.*;
  public class SessionCleaner implements HttpSessionListener
    /* Session Listener */
    public void sessionCreated(HttpSessionEvent sessionEvent)
      System.out.println("Session created: " + sessionEvent.getSession().getId());
    public void sessionDestroyed(HttpSessionEvent sessionEvent)
      System.out.println("Session ended: " + sessionEvent.getSession().getId());
  }web.xml:
  <!-- Listeners -->
  <listener>
       <listener-class>listeners.SessionCleaner</listener-class>
  </listener>
  .Works like a charm.
  stdout log:
  Session created: 0E953FC8AEA6B5BE37F714D72F33DF1F
  Session ended: 0E953FC8AEA6B5BE37F714D72F33DF1FThanks for the hint bandarurm!
  Edited by: exkor5000 on Feb 27, 2009 5:20 PM

• Session expired message in form based authentication

  Hi, i m using JAAS form based authentication on jboss for our application and we want session expired message to show in the login form when it loads for authentication after session expired.
  do any one have any idea how to achive this as the application will never be able to detect that the session expired as it will always have a valid session available becoz ,When an HTTP session expires and the client makes a request to any secured resource, the JAAS subject will not be found for authorization. At this point, the security framework creates a new HTTP session, stores the target URL value in the session, and then redirects the user to the login page. After a successful login process, the user is forwarded back to the target page,
  but our Web applications may need to capture these session expiration events and show some custom message to the user.
  HTTP session listener doesn't work here as HTTP session listener does not allow you to create a new session.
  Thanks in advance

  ObSSOCookie does have session time data. Access Manager SDK can parse the cookie and can access it's own settings for max and idle session time.
  Trick is, once the user is logged out, the cookie is destroyed. I suspect there is no real practical way to do this.
  I have pondered the idea that you could use AJAX to communicate with a service that uses the SDK to return data about current session state - "You have 40 seconds left to get your form filled out, buddy! 39, 38, 37..."
  Oh to have that much free time... ;)
  Mark

• Weblogic portal session data lost

  Hi,
  I have a peculiar scenario where the data set in the HttpSession gets lost intermittently. I could not really figure out a pattern where this occurs.It occurs any where in the application.
  I have a session listener tied to the Session which does not get triggered when the session data is lost in this manner. This makes me to believe that the session itself is not getting killed. but only the data gets lost.
  I am using Weblogic Portal Server 8.1 sp5 on UNIX server.
  Any help is greatly appreciated.
  Thanks
  Raj

  Well, we use the standard authentication:
  [url http://edocs.bea.com/wlp/docs81/javadoc/com/bea/p13n/security/Authentication.html#login(java.lang.String,%20java.lang.String,%20javax.servlet.http.HttpServletRequest)]
  Hope it will work in your case. Good luck.
  Edited by pecanov at 07/05/2007 1:41 PM

• BUG: ADF FACES 10.1.3 04: Crash w/nested UIXCollection & persistent session

  Use of a UIXCollection (af:table or af:iterator) nested within another UIXCollection causes a crash during processDecodes if the session state has been serialized and deserialized. The problem is that when the outer iterator restores its stamp state during iteration (in postRowDataChange), it ends up calling __setMyStampState on the inner iterator with an InternalState object that has been deserialized, and whose (transient) prevVarStatus member is therefore null (and not NULL, as it is normally initialized). At the end of iteration on the inner iterator, postRowDataChange attempts to restore the original value of the varStatus variable. Since prevVarValue != NULL, it thinks it should put the value back, but if there is no varStatus attribute on the iterator, iState._varStatus is null, and the assertion in _setELVar is triggered. As a workaround, setting a non-empty varStatus attribute on the inner iterator avoids the crash.
  java.lang.AssertionError
       at oracle.adf.view.faces.component.UIXCollection._setELVar(UIXCollection.java:1089)
       at oracle.adf.view.faces.component.UIXCollection.postRowDataChange(UIXCollection.java:654)
       at oracle.adf.view.faces.component.UIXCollection.setRowIndex(UIXCollection.java:379)
       at oracle.adf.view.faces.component.UIXIterator$Runner.run(UIXIterator.java:230)
       at oracle.adf.view.faces.component.UIXIterator.processFacetsAndChildren(UIXIterator.java:193)
       at oracle.adf.view.faces.component.UIXCollection.decodeChildrenImpl(UIXCollection.java:141)
       at oracle.adf.view.faces.component.UIXComponentBase.decodeChildren(UIXComponentBase.java:803)
       at oracle.adf.view.faces.component.UIXCollection.processDecodes(UIXCollection.java:136)
       at oracle.adf.view.faces.component.ChildLoop$Decode.process(ChildLoop.java:75)
       at oracle.adf.view.faces.component.ChildLoop.runAlways(ChildLoop.java:39)
       at oracle.adf.view.faces.component.ChildLoop.runAlways(ChildLoop.java:30)
       at oracle.adf.view.faces.component.UIXColumn.processDecodes(UIXColumn.java:54)
       at oracle.adf.view.faces.component.UIXCollection.processComponent(UIXCollection.java:802)
       at oracle.adf.view.faces.component.TableUtils$3.process(TableUtils.java:256)
       at oracle.adf.view.faces.component.ChildLoop.runAlways(ChildLoop.java:39)
       at oracle.adf.view.faces.component.ChildLoop.runAlways(ChildLoop.java:30)
       at oracle.adf.view.faces.component.TableUtils.__processStampedChildren(TableUtils.java:252)
       at oracle.adf.view.faces.component.UIXTable._processStamps(UIXTable.java:497)
       at oracle.adf.view.faces.component.UIXTable.processFacetsAndChildren(UIXTable.java:376)
       at oracle.adf.view.faces.component.UIXCollection.decodeChildrenImpl(UIXCollection.java:141)
       at oracle.adf.view.faces.component.UIXComponentBase.decodeChildren(UIXComponentBase.java:803)
       at oracle.adf.view.faces.component.UIXCollection.processDecodes(UIXCollection.java:136)
       at oracle.adf.view.faces.component.UIXComponentBase.decodeChildrenImpl(UIXComponentBase.java:818)
       at oracle.adf.view.faces.component.UIXComponentBase.decodeChildren(UIXComponentBase.java:803)
       at oracle.adf.view.faces.component.UIXComponentBase.processDecodes(UIXComponentBase.java:673)
       at oracle.adf.view.faces.component.UIXComponentBase.decodeChildrenImpl(UIXComponentBase.java:818)
       at oracle.adf.view.faces.component.UIXComponentBase.decodeChildren(UIXComponentBase.java:803)
       at oracle.adf.view.faces.component.UIXComponentBase.processDecodes(UIXComponentBase.java:673)
       at javax.faces.component.UIComponentBase.processDecodes(UIComponentBase.java:880)
  ....

  James, what Venkat and Prashant are trying to do is something like this...
  1. If I connect to the DB using scott/tiger then in the preLogin method of the Toplink Session Listener class, the proxy user will connect using something like admin/welcome1 and in the database audit view, the name that shows up SHOULD BE that of admin and NOT of scott. This is called proxy authentication if it works fine.
  We developed the above scenario but in the audit logs, we still see scott instead of admin as the user who connected.
  2. This feature is available in the DB but our objective is to use it through TopLink
  Also see Toplink Proxy Authentication Not Working
  I hope I was able to explain the scenario clearly.
  Any help will be appreciated
  Regards,
  Amit