0

Using tomcat 7, servlet 3.0, spring mvc3 with spring social, I get my class to listen sessions with;

public class AClass implements ApplicationContextAware, HttpSessionListener{

...
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
            this.applicationContext = applicationContext;
            if (applicationContext instanceof WebApplicationContext) {
                ((WebApplicationContext) applicationContext).getServletContext().addListener(this);
    }

    public void sessionCreated(HttpSessionEvent se) {
        System.out.println("session created");
    }

    public void sessionDestroyed(HttpSessionEvent se){
        System.out.println("session destroyed");

    }
...
}

and I set the session-timeout to 1 minute in web.xml (I am sure it is working correctly) When I open a page I get the 'session created' message but I never get 'session destroyed'. If I refresh the page after 1 minute I get the 'session created' message again which claims that session is getting expired.

So the question is what am I getting wrong? Shouldn't sessionDestroyed method notify me when a session gets expired?

hevi
  • 2,432
  • 1
  • 32
  • 51

1 Answers1

0

Yes, a session is destroyed when it times out or if you expire it programmatically using:

HttpSession.invalidate()

See this blog to ensure you are doing everything correctly.

Also, the servletcontainer will not immediately destroy sessions after exactly the timeout value. There is a background job which runs at certain time intervals like 5~15 minutes. So most likely you don't see destroyed line in the console immediately because of this reason.

slashdot
  • 766
  • 5
  • 11
  • any idea how to force the job to run more frequently? – hevi Jan 17 '13 at 22:25
  • btw, it is being 2 hours since a session is being created but it hasn't expired yet. So I guess sessionDestroyed is not being called on timeout – hevi Jan 17 '13 at 23:56