Does HttpSessionBindingListener get called when session times out (was: RE: Could this be a bug in tomcat)

[Michael Young <ja...@onyourside.net>]

On an earlier point of the exact sequence of events, I'm getting more
and more confused on Tomcat's behavior and my understanding and
experiences of Servlet API through working with some other containers.

What I am trying to do is: to do clean up when a user's session has been
invalidated due to either timeout or manual logout.  I used to just use
an HttpSessionListener's sessionDestroyed() to do clean up, but Tomcat 4.1.24
doesn't work this way, as was explained to me.

Now I just tried the HttpSessionBindingListener's valueUnbound(), but
it seems that Tomcat is not calling my valueUnbound() method when the
session times out.  This is in contrast to my understanding of Servlet API
though.  I thought when a session times out and is invalidated, all
attributes have to be removed first so all HttpSessionBindingListeners
get notified.

I can't use session activation events because these events do not necessarily
mean that the session has timed out, only that the session is being
persisted or serialized.  The session could still be active, and
users can still come back using the same session.

So the 6 million dollar question is:

In Tomcat 4.1.24, how can I get notified with full access to session
object when a session times out?

Thanks!  /M.

On Thursday, Apr-24-2003 13:28 PM (PDT) javaone@onyourside.net (Michael Young) wrote:

|> Jon and Yoav,
|> 
|> I understand the following JavaDoc isn't very specific regarding 
|> how things should exactly behave inside sessionDestroyed().
|> 
|> <extract>
|> sessionDestroyed(HttpSessionEvent)
|> public void sessionDestroyed(HttpSessionEvent se)
|> Notification that a session was invalidated.
|> Parameters:
|> se - the notification event
|> </extract>
|> 
|> What I don't understand is: if session object is not available inside
|> this method, then why does HttpSessionEvent.getSource() return it?
|> And if you look at AWT event models, the event listeners can get hold
|> of the original event source.
|> 
|> Seems very strange to me.  Thanks!  /M.
|> 
|> On Thursday, Apr-24-2003 11:52 AM (PDT) Yoav.Shapira@mpi.com (Shapira, Yoav) wrote:
|> 
|> |> 
|> |> Howdy,
|> |> 
|> |> >Only after this method has finished should the session be truly
|> |> >invalidated and destroyed.  Otherwise, session listener's
|> |> >sessionDestroyed()
|> |> >is pretty useless.
|> |> 
|> |> Nope.  There's a difference between invalidation, passivation, and
|> |> destruction.  What the other person pointing out about WAS, i.e. past
|> |> tense, in the sessionDestroyed() JavaDoc is true.  That's why the method
|> |> in the HttpSessionListener is called sessionDestroyed and not for
|> |> example sessionInvalidated.
|> |> 
|> |> Whether you agree or disagree with the spec is one thing, but tomcat
|> |> just implements the spec.  I think between HttpSessionListener,
|> |> HttpSessionActivationListener, HttpSessionBindingListener, and
|> |> HttpSessionAttributeListener, you can cover pretty much all the cases
|> |> you need.  You will have access to the attribute's name and value in the
|> |> attribute removed event, value unbound event, and to the session which
|> |> still contains the attribute in the willPassivate event.
|> |> 
|> |> Note that the JavaDoc is specific and clear with respect to the sequence
|> |> of events.
|> |> 
|> |> Yoav Shapira
|> |> Millennium ChemInformatics
|> |> 
|> |> 
|> |> 
|> |> This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged.  This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender.  Thank you.
|> |> 
|> |> 
|> |> ---------------------------------------------------------------------
|> |> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
|> |> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
|> 
|> ---------------------------------------------------------------------
|> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
|> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Does HttpSessionBindingListener get called when session times out (was: RE: Could this be a bug in tomcat)

[Bill Barker <wb...@wilshire.com>]

valueUnbound is called after the session has been invalidated, so it is
illegal to call getAttribute from this method.

"Michael Young" <ja...@onyourside.net> wrote in message
news:000901c30baa$8db82fb0$4001a8c0@wonder...
> OK, let me ask this:
>
> Is HttpSessionBindingListener.valueUnbound() called just before the
session
> is going to be invalidated?
>
> That is, inside valueUnbound() method, is it legal to call
> session.getAttribute() method to get hold of any attributes?
>
> I just tested this, but I still get the following Tomcat exception.  As
far
> as I can tell, Tomcat didn't use to behave like this.
>
> 2003-04-25 21:11:41 StandardManager[/listeners] processsExpire:  Exception
> during session expiration
> java.lang.IllegalStateException: getAttributeNames: Session already
> invalidated
>  at
>
org.apache.catalina.session.StandardSession.getAttributeNames(StandardSessio
> n.java:974)
>  at
>
net.onyourside.tomcat.listeners.MyHSBindingListener.valueUnbound(MyHSBinding
> Listener.java:49)
>  at
>
org.apache.catalina.session.StandardSession.removeAttribute(StandardSession.
> java:1155)
>  at
>
org.apache.catalina.session.StandardSession.expire(StandardSession.java:635)
>  at
>
org.apache.catalina.session.StandardSession.expire(StandardSession.java:608)
>  at
>
org.apache.catalina.session.StandardManager.processExpires(StandardManager.j
> ava:793)
>  at
> org.apache.catalina.session.StandardManager.run(StandardManager.java:870)
>  at java.lang.Thread.run(Thread.java:536)
>
> Here's my simple listener class:
>
> package net.onyourside.tomcat.listeners;
>
> import java.util.Enumeration;
>
> import javax.servlet.http.HttpSession;
>
> import javax.servlet.http.HttpSessionBindingEvent;
>
> import javax.servlet.http.HttpSessionBindingListener;
>
> public class MyHSBindingListener implements HttpSessionBindingListener {
>
> /**
>
> *
>
> */
>
> public MyHSBindingListener() {
>
> super();
>
> }
>
> /* (non-Javadoc)
>
> * @see
>
javax.servlet.http.HttpSessionBindingListener#valueBound(javax.servlet.http.
> HttpSessionBindingEvent)
>
> */
>
> public void valueBound(HttpSessionBindingEvent event) {
>
> HttpSession session = event.getSession();
>
> session.setAttribute("valueBound", "added in " + this.getClass().getName()
+
> "'s valueBound()");
>
> System.out.println(this.getClass().getName() + "valueBound(): session
> attributes: ");
>
> for (Enumeration e = session.getAttributeNames(); e.hasMoreElements(); ) {
>
> String name = (String) e.nextElement();
>
> System.out.println(name + " <-> " + session.getAttribute(name));
>
> }
>
> }
>
> /* (non-Javadoc)
>
> * @see
>
javax.servlet.http.HttpSessionBindingListener#valueUnbound(javax.servlet.htt
> p.HttpSessionBindingEvent)
>
> */
>
> public void valueUnbound(HttpSessionBindingEvent event) {
>
> HttpSession session = event.getSession();
>
> System.out.println(this.getClass().getName() + "valueUnbound(): session
> attributes: ");
>
> for (Enumeration e = session.getAttributeNames(); e.hasMoreElements(); ) {
>
> String name = (String) e.nextElement();
>
> System.out.println(name + " <-> " + session.getAttribute(name));
>
> }
>
> }
>
> }
>
>
> ----- Original Message -----
> From: "Jon Wingfield" <jo...@mkodo.com>
> To: "Tomcat Users List" <to...@jakarta.apache.org>
> Sent: Friday, April 25, 2003 3:30 AM
> Subject: Re: Does HttpSessionBindingListener get called when session times
> out (was: RE: Could this be a bug in tomcat)
>
>
> > Objects that implement HttpSessionBindingListener have their
> > valueBound() and valueUnbound() methods called when they are
> > added/removed from sessions as attributes.
> >
> > ditto implementations of HttpSessionActivationListener.
> >
> > HttpSessionAttributeListeners defined in web.xml have their methods
> > called when any object is added/removed/replaced in a session.
> >
> > When the session is invalidated these above three mechanisms are invoked
> > (all attributes are removed from session). Once complete and the session
> > is invalid the HttpSessionListeners are invoked.
> >
> > I believe Tomcat works as per spec. It is the reference implementation
> > after all ;)
> >
> > We use a HttpSessionAttributeListener to save unfinished 'Work In
> > Progress' items when a user logs out or times out. At this point we can
> > also make a reasoned judgement of whether it is a logout or a timeout
> > using getLastAccessedTime and getMaxInactiveInterval().
> >
> > The same persistance object also implements ServletContextListener and
> > HttpSessionListener so that we also persist data if we have to bring
> > Tomcat down for maintenance.
> > In this case it is worth noting that if session persistance is on (as it
> > is by default) the session won't get invalidated on shutdown. However,
> > it may do so as soon as you bring Tomcat back up if the down time is
> > long enough. It's a judgement call whether to persist on shutdown or
> > invalidation.
> >
> > This combination works for us. HttpSessionActivationListener didn't
> > quite fit the bill.
> >
> > HTH,
> >
> > Jon
> >
> > Michael Young wrote:
> > > On an earlier point of the exact sequence of events, I'm getting more
> > > and more confused on Tomcat's behavior and my understanding and
> > > experiences of Servlet API through working with some other containers.
> > >
> > > What I am trying to do is: to do clean up when a user's session has
been
> > > invalidated due to either timeout or manual logout.  I used to just
use
> > > an HttpSessionListener's sessionDestroyed() to do clean up, but Tomcat
> 4.1.24
> > > doesn't work this way, as was explained to me.
> > >
> > > Now I just tried the HttpSessionBindingListener's valueUnbound(), but
> > > it seems that Tomcat is not calling my valueUnbound() method when the
> > > session times out.  This is in contrast to my understanding of Servlet
> API
> > > though.  I thought when a session times out and is invalidated, all
> > > attributes have to be removed first so all HttpSessionBindingListeners
> > > get notified.
> > >
> > > I can't use session activation events because these events do not
> necessarily
> > > mean that the session has timed out, only that the session is being
> > > persisted or serialized.  The session could still be active, and
> > > users can still come back using the same session.
> > >
> > > So the 6 million dollar question is:
> > >
> > > In Tomcat 4.1.24, how can I get notified with full access to session
> > > object when a session times out?
> > >
> > > Thanks!  /M.
> > >
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Does HttpSessionBindingListener get called when session times out (was: RE: Could this be a bug in tomcat)

[Michael Young <ja...@onyourside.net>]

OK, let me ask this:

Is HttpSessionBindingListener.valueUnbound() called just before the session
is going to be invalidated?

That is, inside valueUnbound() method, is it legal to call
session.getAttribute() method to get hold of any attributes?

I just tested this, but I still get the following Tomcat exception.  As far
as I can tell, Tomcat didn't use to behave like this.

2003-04-25 21:11:41 StandardManager[/listeners] processsExpire:  Exception
during session expiration
java.lang.IllegalStateException: getAttributeNames: Session already
invalidated
 at
org.apache.catalina.session.StandardSession.getAttributeNames(StandardSessio
n.java:974)
 at
net.onyourside.tomcat.listeners.MyHSBindingListener.valueUnbound(MyHSBinding
Listener.java:49)
 at
org.apache.catalina.session.StandardSession.removeAttribute(StandardSession.
java:1155)
 at
org.apache.catalina.session.StandardSession.expire(StandardSession.java:635)
 at
org.apache.catalina.session.StandardSession.expire(StandardSession.java:608)
 at
org.apache.catalina.session.StandardManager.processExpires(StandardManager.j
ava:793)
 at
org.apache.catalina.session.StandardManager.run(StandardManager.java:870)
 at java.lang.Thread.run(Thread.java:536)

Here's my simple listener class:

package net.onyourside.tomcat.listeners;

import java.util.Enumeration;

import javax.servlet.http.HttpSession;

import javax.servlet.http.HttpSessionBindingEvent;

import javax.servlet.http.HttpSessionBindingListener;

public class MyHSBindingListener implements HttpSessionBindingListener {

/**

*

*/

public MyHSBindingListener() {

super();

}

/* (non-Javadoc)

* @see
javax.servlet.http.HttpSessionBindingListener#valueBound(javax.servlet.http.
HttpSessionBindingEvent)

*/

public void valueBound(HttpSessionBindingEvent event) {

HttpSession session = event.getSession();

session.setAttribute("valueBound", "added in " + this.getClass().getName() +
"'s valueBound()");

System.out.println(this.getClass().getName() + "valueBound(): session
attributes: ");

for (Enumeration e = session.getAttributeNames(); e.hasMoreElements(); ) {

String name = (String) e.nextElement();

System.out.println(name + " <-> " + session.getAttribute(name));

}

}

/* (non-Javadoc)

* @see
javax.servlet.http.HttpSessionBindingListener#valueUnbound(javax.servlet.htt
p.HttpSessionBindingEvent)

*/

public void valueUnbound(HttpSessionBindingEvent event) {

HttpSession session = event.getSession();

System.out.println(this.getClass().getName() + "valueUnbound(): session
attributes: ");

for (Enumeration e = session.getAttributeNames(); e.hasMoreElements(); ) {

String name = (String) e.nextElement();

System.out.println(name + " <-> " + session.getAttribute(name));

}

}

}


----- Original Message -----
From: "Jon Wingfield" <jo...@mkodo.com>
To: "Tomcat Users List" <to...@jakarta.apache.org>
Sent: Friday, April 25, 2003 3:30 AM
Subject: Re: Does HttpSessionBindingListener get called when session times
out (was: RE: Could this be a bug in tomcat)


> Objects that implement HttpSessionBindingListener have their
> valueBound() and valueUnbound() methods called when they are
> added/removed from sessions as attributes.
>
> ditto implementations of HttpSessionActivationListener.
>
> HttpSessionAttributeListeners defined in web.xml have their methods
> called when any object is added/removed/replaced in a session.
>
> When the session is invalidated these above three mechanisms are invoked
> (all attributes are removed from session). Once complete and the session
> is invalid the HttpSessionListeners are invoked.
>
> I believe Tomcat works as per spec. It is the reference implementation
> after all ;)
>
> We use a HttpSessionAttributeListener to save unfinished 'Work In
> Progress' items when a user logs out or times out. At this point we can
> also make a reasoned judgement of whether it is a logout or a timeout
> using getLastAccessedTime and getMaxInactiveInterval().
>
> The same persistance object also implements ServletContextListener and
> HttpSessionListener so that we also persist data if we have to bring
> Tomcat down for maintenance.
> In this case it is worth noting that if session persistance is on (as it
> is by default) the session won't get invalidated on shutdown. However,
> it may do so as soon as you bring Tomcat back up if the down time is
> long enough. It's a judgement call whether to persist on shutdown or
> invalidation.
>
> This combination works for us. HttpSessionActivationListener didn't
> quite fit the bill.
>
> HTH,
>
> Jon
>
> Michael Young wrote:
> > On an earlier point of the exact sequence of events, I'm getting more
> > and more confused on Tomcat's behavior and my understanding and
> > experiences of Servlet API through working with some other containers.
> >
> > What I am trying to do is: to do clean up when a user's session has been
> > invalidated due to either timeout or manual logout.  I used to just use
> > an HttpSessionListener's sessionDestroyed() to do clean up, but Tomcat
4.1.24
> > doesn't work this way, as was explained to me.
> >
> > Now I just tried the HttpSessionBindingListener's valueUnbound(), but
> > it seems that Tomcat is not calling my valueUnbound() method when the
> > session times out.  This is in contrast to my understanding of Servlet
API
> > though.  I thought when a session times out and is invalidated, all
> > attributes have to be removed first so all HttpSessionBindingListeners
> > get notified.
> >
> > I can't use session activation events because these events do not
necessarily
> > mean that the session has timed out, only that the session is being
> > persisted or serialized.  The session could still be active, and
> > users can still come back using the same session.
> >
> > So the 6 million dollar question is:
> >
> > In Tomcat 4.1.24, how can I get notified with full access to session
> > object when a session times out?
> >
> > Thanks!  /M.
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Does HttpSessionBindingListener get called when session times out (was: RE: Could this be a bug in tomcat)

[Jon Wingfield <jo...@mkodo.com>]

Objects that implement HttpSessionBindingListener have their 
valueBound() and valueUnbound() methods called when they are 
added/removed from sessions as attributes.

ditto implementations of HttpSessionActivationListener.

HttpSessionAttributeListeners defined in web.xml have their methods 
called when any object is added/removed/replaced in a session.

When the session is invalidated these above three mechanisms are invoked 
(all attributes are removed from session). Once complete and the session 
is invalid the HttpSessionListeners are invoked.

I believe Tomcat works as per spec. It is the reference implementation 
after all ;)

We use a HttpSessionAttributeListener to save unfinished 'Work In 
Progress' items when a user logs out or times out. At this point we can 
also make a reasoned judgement of whether it is a logout or a timeout 
using getLastAccessedTime and getMaxInactiveInterval().

The same persistance object also implements ServletContextListener and 
HttpSessionListener so that we also persist data if we have to bring 
Tomcat down for maintenance.
In this case it is worth noting that if session persistance is on (as it 
is by default) the session won't get invalidated on shutdown. However, 
it may do so as soon as you bring Tomcat back up if the down time is 
long enough. It's a judgement call whether to persist on shutdown or 
invalidation.

This combination works for us. HttpSessionActivationListener didn't 
quite fit the bill.

HTH,

Jon

Michael Young wrote:
> On an earlier point of the exact sequence of events, I'm getting more
> and more confused on Tomcat's behavior and my understanding and
> experiences of Servlet API through working with some other containers.
> 
> What I am trying to do is: to do clean up when a user's session has been
> invalidated due to either timeout or manual logout.  I used to just use
> an HttpSessionListener's sessionDestroyed() to do clean up, but Tomcat 4.1.24
> doesn't work this way, as was explained to me.
> 
> Now I just tried the HttpSessionBindingListener's valueUnbound(), but
> it seems that Tomcat is not calling my valueUnbound() method when the
> session times out.  This is in contrast to my understanding of Servlet API
> though.  I thought when a session times out and is invalidated, all
> attributes have to be removed first so all HttpSessionBindingListeners
> get notified.
> 
> I can't use session activation events because these events do not necessarily
> mean that the session has timed out, only that the session is being
> persisted or serialized.  The session could still be active, and
> users can still come back using the same session.
> 
> So the 6 million dollar question is:
> 
> In Tomcat 4.1.24, how can I get notified with full access to session
> object when a session times out?
> 
> Thanks!  /M.
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org