HttpSessionListener (sessionCreated/destroyed) - strange behaviour

up vote3down votefavorite 1

I'm trying to use HttpSessionListener: public class SessionListener implements HttpSessionListener { public void sessionCreated(HttpSessionEvent event) { System.out.println("ID Session Created: " + event.getSession().getId()); } public void sessionDestroyed(HttpSessionEvent event) { System.out.println("ID Session Destroyed: " + event.getSession().getId()); } } web.xml: <listener> <listener-class>session.SessionListener</listener-class> </listener> UserManager.java: @SessionScoped @ManagedBean(name="userManager") public class UserManager extends Tools { /**/ private static final long serialVersionUID = -8522314095497978567L; private String username; private String password; private transient HttpSession session = null; public String login() { user = (User) find(username, password); if (user != null) { username = password = null; FacesContext context = FacesContext.getCurrentInstance(); session = (HttpSession) context.getExternalContext().getSession(true); session.setAttribute("id", user.getID()); } } public void logout() { user = null; FacesContext context = FacesContext.getCurrentInstance(); session = (HttpSession) context.getExternalContext().getSession(true); session.invalidate(); } // getters and setters ---------------------------------------------------- } It works, but little bit strangely. If i logout, it reports to the console: ID Session Destroyed: 807DEDB88D35C0351BF2B9FBA83519AB ID Session Created: 8A029C95E6BA9DF17FB91C7F3AC81B24 If login, there is nothing in console. What I'm doing wrong? java jsf servlets share|improve this question edited May 30 '11 at 11:59 BalusC 450k8211361470 asked May 30 '11 at 11:25 gaffcz 1,05042756

Related: stackoverflow.com/questions/3106452/… –  BalusC May 30 '11 at 11:59 add comment

2 Answers

activeoldestvotes

up vote10down voteaccepted

A session is created the moment your browser makes a request to the webserver, not when you 'log in'. A session will always exist for each client that the server is interacting with. It does not matter if you store anything in that session or otherwise make use of it. When you logout, you force the server to discard the current session, but since it still needs to communicate with the client a new ('clean') session is created. This new session is likely still in effect when you log in. I'm sure if you shut down your server and delete all its working cache, you'll see the session created message on the first hit from your browser. share|improve this answer edited May 30 '11 at 11:36 answered May 30 '11 at 11:30 Kris 7,95523051

Thank you, Kris. –  gaffcz May 30 '11 at 12:11 add comment

up vote1down vote	session = (HttpSession) context.getExternalContext().getSession(true); The above line in the logout method should have 'getSession()' without true. getSession(boolean) Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session. share|improve this answer answered May 30 '11 at 11:41 sudmong 1,60149
	Hmm, that's the same as Bozho told me. But I can let it empty - "The method getSession(boolean) in the type ExternalContext is not applicable for the arguments ()" –  gaffcz May 30 '11 at 11:49 pass false then..it should return you the existing session in which you are or return null.. if you get null, it means there is something wrong. –  sudmong May 30 '11 at 11:53 add comment