1

This question can be solved by googling, so did i but since i am new to servlet technology, i am not able to resolve the issue.

I need to assign session to particular user, session will expire in 10 second and when session is expired, user will be forwarded to login.html page again.

I read a bit about it but i am not getting the callback when session expires. Here is my try. 

Login servlet
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String userName = request.getParameter("user_id");
        String pwd = request.getParameter("pwd");
        PrintWriter out = response.getWriter();
        if(userName.equalsIgnoreCase(pwd)){
            HttpSession session = request.getSession();
            session.setMaxInactiveInterval(10);
            ActiveUser mActiveUser = new ActiveUser();
            mActiveUser.setUserName(userName);
            session.setAttribute("userName", mActiveUser);      
            RequestDispatcher rd = request.getRequestDispatcher("welcome.html");
            rd.forward(request, response);
        }else{
            response.setContentType("text/html");
            out.print("UserName and password did not match, Please try again");
            RequestDispatcher dispatchToIndex = request.getRequestDispatcher("index.html");
            dispatchToIndex.include(request, response);

        }
    }

ActiveUser.java

@WebListener
public class ActiveUser implements HttpSessionBindingListener,
        HttpSessionListener {
//overridden methods of the interfaces are included, and simple print statement is there to get know about callback is received or not.

Problem: When session expires(time-out) after 10 second i am not getting callback as required, but if i am sending a request after 10 second it correctly gets to know that previous session is expired and i receive callback on ActiveUser->sessionDestroyed() and ActiveUser->valueUnbound() and HttpSessionAttributeListener->attributeRemoved()

thanks in advance

Gaurav Gupta
  • 4,586
  • 4
  • 39
  • 72

2 Answers2

1

After expiration, session is not destroyed immediately. Session destroy happens lazily and at certain intervals.

  • Lazily: when a new request arrives in the session that has been expired sessionDestroyed() will be called.
  • At certain intervals : the server runs a low-priority timer job to clean all expired sessions.
user987339
  • 10,519
  • 8
  • 40
  • 45
1

Session checking may certainly take place in intervals longer than 10secs (HttpSessionListener not detecting session timeout). If you wait a bit longer the sessionDestroyed method will be called.

However an automatic redirection will not happen if a request does not take place first. So this can occur when the user tries to access your web app. In this case you don't need a WebListener (e.g. javax.servlet.http.HttpSessionListener), you can simply check if the username or an authentication flag is set in session.

If you really want an auto redirection you can achieve it with js polling or server push.

Community
  • 1
  • 1
melc
  • 11,523
  • 3
  • 36
  • 41
  • Few times i received callback at around after 45-50 sec . So, does it mean session-time-out should be > 1 minute at minimum – Gaurav Gupta Dec 09 '13 at 13:42
  • @GauravGupta it seems that the check interval is around that time and it depends on the app server as well. – melc Dec 09 '13 at 13:47
  • I was thinking of the from a long time. Thanks for pointing out the root cause. Accepting your answer – Gaurav Gupta Dec 09 '13 at 13:50