Sunday, January 5, 2014

I'm trying to use HttpSessionListener:
public class SessionListener implements HttpSessionListener
{
  public void sessionCreated(HttpSessionEvent event) {
    System.out.println("ID Session Created: " + event.getSession().getId());
  }
  public void sessionDestroyed(HttpSessionEvent event) {
    System.out.println("ID Session Destroyed: " + event.getSession().getId());
  }
}
web.xml:
<listener>
  <listener-class>session.SessionListener</listener-class>
</listener>
UserManager.java:
@SessionScoped
@ManagedBean(name="userManager")
public class UserManager extends Tools
{
  /**/
  private static final long serialVersionUID = -8522314095497978567L;

  private String username;
  private String password;

  private transient HttpSession session = null;

  public String login() 
  {
    user = (User) find(username, password);
    if (user != null) 
    {
      username = password = null;

      FacesContext context = FacesContext.getCurrentInstance();
      session = (HttpSession) context.getExternalContext().getSession(true);
      session.setAttribute("id", user.getID());
    } 
  }

  public void logout() 
  {
    user = null;
    FacesContext context = FacesContext.getCurrentInstance();
    session = (HttpSession) context.getExternalContext().getSession(true);
    session.invalidate();
  } 
  // getters and setters ----------------------------------------------------
}
It works, but little bit strangely.
If i logout, it reports to the console:
ID Session Destroyed: 807DEDB88D35C0351BF2B9FBA83519AB
ID Session Created: 8A029C95E6BA9DF17FB91C7F3AC81B24
If login, there is nothing in console.
What I'm doing wrong?
share|improve this question
add comment

2 Answers

up vote10down voteaccepted
A session is created the moment your browser makes a request to the webserver, not when you 'log in'. A session will always exist for each client that the server is interacting with. It does not matter if you store anything in that session or otherwise make use of it.
When you logout, you force the server to discard the current session, but since it still needs to communicate with the client a new ('clean') session is created. This new session is likely still in effect when you log in.
I'm sure if you shut down your server and delete all its working cache, you'll see the session created message on the first hit from your browser.
share|improve this answer
 
Thank you, Kris. –  gaffcz May 30 '11 at 12:11
add comment
session = (HttpSession) context.getExternalContext().getSession(true); The above line in the logout method should have 'getSession()' without true.
getSession(boolean)
Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
share|improve this answer
 
Hmm, that's the same as Bozho told me. But I can let it empty - "The method getSession(boolean) in the type ExternalContext is not applicable for the arguments ()" –  gaffcz May 30 '11 at 11:49
 
pass false then..it should return you the existing session in which you are or return null.. if you get null, it means there is something wrong. –  sudmong May 30 '11 at 11:53
add comment

No comments: