Invalidating session using sessionbinding listener
For example, the Java Web Server has the ability to revert to using URL rewriting when cookies fail, and it allows session objects to be written to the server's disk as memory fills up or when the server shuts down.(The items you place in the session need to implement the interface to take advantage of this option.) See your server's documentation for details pertaining to your server.But when the container expires sessions after an hour or so, there is no request ( AM) anil_msn: we are using the request approach for active sessions getting invalidated ( AM) anil_msn: only the case of container expiring sessions ( AM) anil_msn: I think any approach we take will be like a hack ( AM) anil_msn: better ignore the use case (some customer asked for it) ( AM) Remy Maucherat: hum, right, that's interesting stuff, but it's not going to work ( AM) anil_msn: I was thinking about placing the principal after authentication into the http session. ( AM) anil_msn: anyway we are not doing the hack ( AM) Remy Maucherat: no, you can put an object in the session as an attribute ( AM) anil_msn: I cannot justify placing the principal in the session attribute map, just to solve one rare use case.( AM) anil_msn: we recommend session invalidation anyway as a best practice.
This is described in the following sections: You can create one or more event listener classes for each of these event categories.
, which were introduced in "When to Use Event Listeners for Servlet Notification".
You can use listeners for automated processing and more efficient resource management based on event status.
Allows a user to specify a value for the cookie named My Cookic Processes the submission of Add Displays…
Read More → Handling HTTP POST Requests This section develops a servlet that handles an HTIP POST request.
Fortunately for us servlet developers, it's not always necessary for a servlet to manage its own sessions using the techniques we have just discussed.