3

I have a login page which asks for username and password. On clicking on login button, web page sends username and password to login servlet as parameters (I am using tomcat). Then, I am creating a session using request.getSession();

I have a sessionListener class (implements HttpSessionListener) where I am overriding sessionCreated() and sessionDestroyed() methods. I have also made listener entry in web.xml file.

My problem is, I want to access the username request parameter inside sessionCreated() method so that I could write the username into mysql database whenever a new session is created.

Basically, is there any way that we can access user entered parameters inside session listeners? Please suggest how can I achieve this.

devm
  • 227
  • 1
  • 12

2 Answers2

2

In your Servlet set the username and password (Obtained from HttpServletRequest) to HttpSession

session.setAttribute("username", uname);
session.setAttribute("password", passwd);

and in your HttpSessionListener get it using

String uname = (String) session.getAttribute("username");
String pwd  = (String) session.getAttribute("password");
sanbhat
  • 17,522
  • 6
  • 48
  • 64
  • 1
    @sanbath: thanks, but.... sessionCreated() method gets called whenever I issue the statement _request.getSession()_. this is the first time when I create session for any login. Setting attribute will be done after the call to sessionCreated() method. Hence, I cannot just fetch session attributes inside sessionCreated method. – devm Apr 28 '13 at 14:20
  • Yes, agreed. Then i feel there is flaw in the design. One way of accessing request params, is by the means of `HttpServletRequest` and when you are inside any method of `HttpSessionListener`, you dont have access to the request, cause there might not be a request at that point (it has got fired off). So i recommend, moving of your save logic to the servlet. You can have a dedicated servlet which creates session and you can update DB there itself. – sanbhat Apr 28 '13 at 14:37
  • @Sanbath: yes I can move the code to servlet, but, I will not be able to update DB whenever a new session expires automatically. Suppose, user logs in and I make an entry in loggedIn user table in DB using servlet, then user is doing nothing and the session expires ('session.Invalidate()' gets called). In this case I wont be able to delete the user from loggedIn usertable, as I dont know when the session was expired. Hence, I wanted this logic to be handled inside session listener events. – devm Apr 28 '13 at 14:47
  • Once the session is created in your entry servlet, you put the details of username in that session. Now, when session gets invalidated and when your listener's sessionDestroyed gets called, you will have the username set earlier; get that username and now from the listener, make a DB call to delete it. The problem exists only while creating DB entries.. not deleting, cause while deleting you have the username in session. – sanbhat Apr 28 '13 at 14:50
  • Nope, it won't work, as for the username to be available inside `sessionDestroyed()` method, `HttpServletRequest` instance should also be available.I am not seeing any way to pass http request instance to `sessionDestroyed()` method. Isn't there any way we can pass values to lisetners? – devm Apr 28 '13 at 16:29
  • sorry, I should have tried to fetch session attributes from the `HttpSessionEvent` argument of `sessionDestroyed()` method. It worked. Thanks for your help, I'll update the answer with this approach. – devm Apr 28 '13 at 16:51
1

Thanks @sanbath for helping me out. Here is the approach I followed to get this done.

I have added the code within servlet itself to insert the logged in username into database, as I cannot do this inside sessionCreated() method (no session attributes will be available at this time).

For deleting usernames when a session gets invalidated, I am just getting the session attribute details from HttpSessionEvent argument of sessionDestroyed() method. As the username attribute will be available, I can delete it from the logged in users table in DB.

public void sessionDestroyed(HttpSessionEvent e) {
    System.out.println("session destroyed");
    System.out.println("username is "+e.getSession().getAttribute("user"));
}
devm
  • 227
  • 1
  • 12