Is there any other way to check expiry of session other than this
session.isNew()
+7
A:
Yes:
you can call
HttpServletRequest.getSession(false)and you'll get anullinstead of a session if there isn't one active already.you can define a lifecycle listener (using
HttpSessionListener) in yourweb.xml. That way you can get notified the moment a session bites the dust.
Carl Smotricz
2010-01-15 08:02:57
+1 for the second suggestion. BTW, its good to name it, so HttpSessionListener is the one.
Adeel Ansari
2010-01-15 08:05:39
Implementing `HttpSessionListener` is the way to go. Just hook on `sessionDestroyed()`.
BalusC
2010-01-15 18:01:59
you should just mark yourself best answer. How many points do you need to do that?
Yar
2010-03-12 18:13:07
@yar: I think I'd have to be a moderator, and even (especially?) then it would be illegal. I have no problem with not being the winner on a question. Thanks, though!
Carl Smotricz
2010-03-13 20:02:29
+4
A:
Define a class, say SessionTimeoutIndicator, which implements the interface javax.servlet.http.HttpSessionBindingListener. Next create a SessionTimeoutIndicator object and add it to the user session. When the session is removed, the SessionTimeoutIndicator.valueUnbound() method will be called by the Servlet engine. You can then implement valueUnbound() to do the required operation.
hope its cleared now.
giri
2010-01-15 08:06:01
Just using `HttpSessionListener#sessionDestroyed()` would make things more easy.
BalusC
2010-01-15 18:04:34
A:
With session.isNew you can not distinguish expired sessions from entirely new sessions.
You can check if the session has expired and/or timed out with:
if (request.getRequestedSessionId() != null
&& !request.isRequestedSessionIdValid()) {
// Session is expired
}
Use getRequestedSessionId to distinguish between new and existing (valid/expired) sessions, and use isRequestedSessionIdValid to distinguish betwheen valid and new/expired sessions.
You can put this code in a Filter.
Danilo Piazzalunga
2010-06-29 12:05:54