I'm having trouble getting the ZK session timeout to occur because our application polls the server every few minutes for information. The code that triggers this polling is Javascript which clicks a hidden button, sending an onClick event to the server.
Do you know of any way to tell ZK that this polling is automated and should not affect the session timeout timer?
Thanks very much.
-Ian
A workaround is write a filter to detect whether a request is that poll request and log the time of 'real' request in filter then invalidate session if no real request for a long time.
sample:
test.zul
<zk>
<intbox id="ibx" value="1" />
<timer delay="1000" id="pooltimer" repeats="true">
<attribute name="onTimer"><![CDATA[
ibx.setValue(ibx.getValue() + 1);
]]></attribute>
</timer>
<button label="click or invalidated in 20 seconds">
<attribute name="onClick"><![CDATA[
long lastRealRequest = (Long)Sessions.getCurrent().getAttribute("LAST_REAL_REQUEST");
alert("only pooling request in "
+ ((System.currentTimeMillis() - lastRealRequest) / 1000)
+ " second(s)");
]]></attribute>
</button>
</zk>
zk.xml
<zk>
<session-config>
<session-timeout>20</session-timeout>
</session-config>
</zk>
filter in web.xml
<filter>
<filter-name>requestFilter</filter-name>
<filter-class>test.RequestFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>requestFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
RequestFilter.java
package test;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class RequestFilter implements Filter {
public void init(FilterConfig filterConfig) throws ServletException {
}
#Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
Map param = req.getParameterMap();
HttpSession sess = req.getSession();
boolean isRealRequest = true;
// here detect whether it is the poll request
// initiate the LAST_REAL_REQUEST if the poll request is
// the first request
//
// invalidate session if no real request within session timeout range
for (Object key : param.keySet()) {
if (key.toString().startsWith("cmd")
&& "onTimer".equals(((String[])param.get(key))[0])) {
// not real request
isRealRequest = false;
// try get last real request time
Long lastRealRequest = (Long)sess.getAttribute("LAST_REAL_REQUEST");
if (lastRealRequest == null) {
System.out.println("init");
// init if no previous real request
lastRealRequest = System.currentTimeMillis();
sess.setAttribute("LAST_REAL_REQUEST", lastRealRequest);
} else if ((System.currentTimeMillis() - lastRealRequest) > 20000) {
System.out.println("invalidate");
// invalidate session if only poll request for a long time
sess.invalidate();
}
}
}
// process request
chain.doFilter(request, response);
// update LAST_REAL_REQUEST if this is a real request
if (isRealRequest) {
// record last real request time
sess.setAttribute("LAST_REAL_REQUEST", System.currentTimeMillis());
}
}
#Override
public void destroy() {}
}
Short answer is NO.
Long answer is, first of all there is no "ZK Session". It is just HttpSession as defined by Servlet specification. Second, session management is done by servlet web container so the session timeout counter reset is done long before the request is passed to ZK for handling.
Related
This question already has answers here:
Authorization redirect on session expiration does not work on submitting a JSF form, page stays the same
(2 answers)
Closed 4 years ago.
I have configured my session timeout in the server and have added a filter to handle session timeout. But when I am trying to redirect it back to the login page its not working. I searched the net but not getting anything solid. I am using jsf.. my code
public class SessionTimeoutFilter implements Filter {
private String timeoutPage = "login.seam";
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request,
ServletResponse response, FilterChain filterChain) throws IOException,ServletException {
if ((request instanceof HttpServletRequest)
&& (response instanceof HttpServletResponse))
{
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
if (isSessionControlRequiredForThisResource(httpServletRequest)) {
if (isSessionInvalid(httpServletRequest))
{
String timeoutUrl = httpServletRequest.getContextPath()
+ "/" + getTimeoutPage();
System.out.println("Session is invalid! redirecting to timeoutpage : " + timeoutUrl);
httpServletResponse.sendRedirect(timeoutUrl);
return;
}
}
}
filterChain.doFilter(request, response);
}
Can anyone tell me what am i doing wrong... why is sendredirect not responding
Maybe this solution will be proper for your needs:
How to redirect to index page if session time out happened in jsf application
if you need perform some action on session timeout you can also create #Destory annotated method on session statefull bean.
I am new to Java and JavaFX, so pardon my newbie questions. I have searched for the past couple of days for examples of what I am trying to do, but have been unable to find any answers.
Here is what I am trying to do: I am trying to create a simple javafx GUI client socket application using scene builder that will connect to a server and send/receive data. Simple enough, but when I try to implement this in Java FX, my GUI freezes. I have researched and found out that the reason is that the socket communications is taking all of the time, and the javafx GUI cannot update. My research has pointed me to using tasks. So, I have created a simple application that creates a task, connects to an internet socket (port 80), sends the command "GET / HTTP/1.1\r\n\r\n" which will request the page and then prints out each line received. The problem is that I want to do this over and over again (every 3 seconds). The task runs successfully once, but then it stops. In the following code, the lines that put the thread to sleep are never reached, but the lines that print any errors are not sent to system.out either.
Here is the controller code
package clientSocketExample;
import java.io.*;
import java.net.*;
import java.util.ResourceBundle;
import javafx.event.ActionEvent;
import javafx.event.EventHandler;
import javafx.fxml.FXML;
import javafx.fxml.Initializable;
import javafx.scene.control.*;
import javafx.concurrent.Task;
/**
* Controller class of the HelloWorld sample.
*/
public class ClientSocketExampleController implements Initializable
{
#FXML
Button button;
private boolean keepRunning = true;
/**
* Initializes the controller class.
*/
#Override
public void initialize(URL url, ResourceBundle rsrcs)
{
if (button != null)
{
button.setOnAction(new EventHandler<ActionEvent>()
{
#Override
public void handle(ActionEvent event)
{
keepRunning = false;
System.out.println("Hello World\n");
}
});
}
// Create a background task to handle the Client-Server socket
// This is needed because JavaFX is not thread safe
Task<Integer> task = new Task<Integer>()
{
#Override
protected Integer call() throws Exception
{
Socket s = new Socket();
// String host = "www.google.com";
// String host = "www.amazon.com";
String host = "www.yahoo.com";
PrintWriter s_out = null;
BufferedReader s_in = null;
int lineNums = 0;
try
{
s.connect(new InetSocketAddress(host, 80));
System.out.println("Connected\n");
// Create writer for socket
s_out = new PrintWriter(s.getOutputStream(), true);
// Create reader for socket
s_in = new BufferedReader(new InputStreamReader(s.getInputStream()));
}
catch (IOException e)
{
// Host not found, so print error
System.err.println("Don't know about host : " + host);
System.exit(1);
}
// Loop forever waiting for task to be cancelled
while (isCancelled() == false)
{
// Send message to server
String message = "GET / HTTP/1.1\r\n\r\n";
s_out.println(message);
System.out.println("Message sent\n");
// Get response from server
try
{
String response;
while ((response = s_in.readLine()) != null)
{
System.out.print("Line #: "+lineNums+" ");
System.out.println(response);
lineNums++;
}
} catch (IOException e)
{
System.err.println("Couldn't get response from host");
}
System.out.println("Thread going to sleep\n\n\n");
Thread.sleep(3000);
System.out.println("Thread waking up from sleep\n\n\n");
} // End while
return lineNums;
}
}; // End Initialize
// start the background task
Thread th = new Thread(task);
th.setDaemon(true);
System.out.println("Starting background task...");
th.start();
}
}`
The Main.java class looks like this:
package clientSocketExample;
import java.util.logging.Level;
import java.util.logging.Logger;
import javafx.application.Application;
import javafx.fxml.FXMLLoader;
import javafx.scene.Scene;
import javafx.scene.layout.AnchorPane;
import javafx.stage.Stage;
public class Main extends Application
{
/**
* #param args the command line arguments
*/
public static void main(String[] args)
{
Application.launch(Main.class, (java.lang.String[]) null);
}
#Override
public void start(Stage primaryStage)
{
try
{
AnchorPane page = (AnchorPane) FXMLLoader.load(Main.class
.getResource("ClientSocketExample.fxml"));
Scene scene = new Scene(page);
primaryStage.setScene(scene);
primaryStage.setTitle("Hello World Sample");
primaryStage.show();
} catch (Exception ex)
{
Logger.getLogger(Main.class.getName()).log(Level.SEVERE, null, ex);
}
}
}`
And finally the FXML file looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<?import java.lang.*?>
<?import java.util.*?>
<?import javafx.scene.control.*?>
<?import javafx.scene.layout.*?>
<?import javafx.scene.paint.*?>
<AnchorPane id="AnchorPane" prefHeight="365.0" prefWidth="378.0" xmlns:fx="http://javafx.com/fxml" fx:controller="clientSocketExample.ClientSocketExampleController">
<children>
<Button fx:id="button" layoutX="147.0" layoutY="28.0" text="Connect" />
<TitledPane animated="false" layoutY="159.0" prefWidth="378.0" text="Received Data">
<content>
<AnchorPane id="Content" minHeight="0.0" minWidth="0.0" prefHeight="180.0" prefWidth="200.0">
<children>
<TextArea fx:id="textAreaField" prefHeight="180.0" prefWidth="374.0" wrapText="true" />
</children>
</AnchorPane>
</content>
</TitledPane>
</children>
</AnchorPane>
Thanks in advance for your help
Wayne
The problem you are getting with the Gui that freezes is because its your "controller" class that connects to the socket. I had the same problem when i was creating my own chat program using JavaFx and JavaFx scene builder.
You can do two things:
Create a new class (SocketConnector()) that connects you to the socket.
Connect to the socket within your main class instead of controller
regardless you cannot connect to a socket within your controller class i am sorry that i am unable to describe details on why you cannot i just know that ive experianced this problem several times and this what the way to fix it!
A couple things need to change with your request:
Insert this into your request
"\r\nHost: <host>\r\nConnection: keep-alive"
This will make sure that the server doesn't close your connection after it responds to your request.
Change your while loop to this:
while (s_in.ready() && (response = s_in.readLine()) != null)
This will make sure there is something to read from the BufferedReader. Check these posts about why the BufferedReader will hang: https://stackoverflow.com/a/7855911/1359765 and https://stackoverflow.com/a/15510821/1359765
I have an application which uses the welcome-page index.jsp with an <iframe></iframe> the contents of the iframe is a jsf page. If I access index.jsp I see a cookie already on the first get in firebug:
Set-Cookie JSESSIONID=C615DA89B6EF73F801973EA3DCD3B226; Path=/
The page of the <iframe> inherits this jsessionid. BUT: when I directly access the page of the <iframe/> I get the jsessionId rewritten to all URLs without a cookie - on the first request. Afterwards the cookie is used. This is all fine - if:
The security system would allow me to perform url rewrites.
I run jboss 4.2.2
I want to achieve the same behaviour as I have with the index.jsp - e.g. always use cookies and always avoid http rewrite.
[EDIT]
thanks to balusc's answer I wrote this:
public class JsessionIdAvoiderFilter implements Filter {
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
ServletException {
boolean allowFilterChain = redirectToAvoidJsessionId((HttpServletRequest) req, (HttpServletResponse)res);
//I'm doing this because if I execute the request completely, it will perform a pretty heavy lookup operation. No need to do it twice.
if(allowFilterChain)
chain.doFilter(req, res);
}
public static boolean redirectToAvoidJsessionId(HttpServletRequest req, HttpServletResponse res) {
HttpSession s = req.getSession();
if(s.isNew()) {
//after the redirect we don't want to redirect again.
if(!(req.isRequestedSessionIdFromCookie()&&req.isRequestedSessionIdFromURL()))
{
//yeah we have request parameters actually on that request.
String qs = req.getQueryString();
String requestURI = req.getRequestURI();
try {
res.sendRedirect(requestURI+"?"+qs);
return false;
} catch (IOException e) {
logger.error("Error sending redirect. " + e.getMessage());
}
}
}
return true;
}
}
Don't forget to add it to your web.xml
<filter>
<display-name>JsessionId Filter</display-name>
<filter-name>jsessionIdAvoiderFilter</filter-name>
<filter-class>my.namespace.JsessionIdAvoiderFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>jsessionIdAvoiderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
Since Servlet 3.0 you could use <tracking-mode>COOKIE</tracking-mode> for this. But as JBoss 4.2.2 isn't Servlet 3.0 compilant, this isn't an option.
Easiest would be to create a servlet filter which sends a redirect to HttpServletRequest#getRequestURI() when HttpSession#isNew() returns true. Don't forget to check the HttpServletRequest#isRequestedSessionIdFromCookie() to prevent an infinite redirect loop when the client doesn't support cookies at all.
Based on Christopher Schultz recommendation I tried this and it works.
package com.rama.test.jsessionfilter
public class JsessionIdAvoiderFilter implements Filter {
protected static final Logger LOGGER = LogManager.getLogger(JsessionIdAvoiderFilter.class);
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
if (!(req instanceof HttpServletRequest)) {
chain.doFilter(req, res);
return;
}
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
// Redirect requests with JSESSIONID in URL to clean old links
/* If you really want clean up some old links which have Jsession id bookmarked clean it. If its new app
this below check is not required. */
if (request.isRequestedSessionIdFromURL()) {
String url = request.getRequestURL().append(request.getQueryString() != null ? "?"
+ request.getQueryString() : "").toString();
response.setHeader("Location", url);
response.sendError(HttpServletResponse.SC_MOVED_PERMANENTLY);
LOGGER.info(" Found url with jsession id in it:"+ request.getRequestURL() +": url="+url);
return;
}
// Prevent rendering of JSESSIONID in URLs for all outgoing links
HttpServletResponseWrapper wrappedResponse = new HttpServletResponseWrapper(
response) {
#Override
public String encodeRedirectUrl(String url) {
return url;
}
#Override
public String encodeRedirectURL(String url) {
return url;
}
#Override
public String encodeUrl(String url) {
return url;
}
#Override
public String encodeURL(String url) {
return url;
}
};
chain.doFilter(req, wrappedResponse);
}
public void destroy() {
}
public void init(FilterConfig arg0) throws ServletException {
}
}
and the following entry in web.xml
<filter>
<display-name>JsessionId Filter</display-name>
<filter-name>jsessionIdAvoiderFilter</filter-name>
<filter-class>com.rama.test.jsessionfilter.JsessionIdAvoiderFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>jsessionIdAvoiderFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Works great !!!.
This can be done with a simple Filter that wraps the request with an HttpServletRequest which overrides HttpServletRequest.encodeURL and HttpServletRequest.encodeRedirectURL. Simply return the String argument passed to it and you will disable URL re-writing. Note that this will only work for a single webapp unless you want to either configure it in conf/web.xml (not recommended) or configure it in all of your separate webapps.
This technique is superior to that posted later in your question because it does not require redirection which can slow-down your requests. IMO, it's also cleaner.
Working with JBoss AS 5.1, JSF 1.2 and Seam 2.2, I'm trying to log session openings and closings.
AFAIK, at the moment of the org.jboss.seam.preDestroyContext.SESSION event, in case of a session timeout, there's no FacesContext which seems natural as there is no running HTTP request, so I can't get the session ID from it. But there's still a Seam session context which is available by Contexts.getSession().
When I dynamically inspect the Contexts.getSession() object in a debugger, I can see the JSESSIONID in some inner Map. I would like to do something like:
String sessionId = Contexts.getSession().get("JSESSIONID");
But apparently, JSESSIONID is not the right key to retrieve the session ID. I tried id, SessionId without success. The SessionContext.getNames() method returns a list of keys:
anonPersistentPermissionResolver
loggedUserId
org.jboss.seam.security.ruleBasedPermissionResolver
org.jboss.seam.web.session
com.sun.faces.application.StateManagerImpl.SerialId
org.jboss.seam.international.timeZoneSelector
org.jboss.seam.international.localeSelector
org.jboss.seam.security.defaultResolverChain
org.jboss.seam.security.persistentPermissionResolver
javax.faces.request.charset
crumbs
org.jboss.seam.core.conversationEntries
debateId
org.jboss.seam.security.credentials
com.sun.faces.logicalViewMap
org.jboss.seam.security.identity
org.jboss.seam.security.rememberMe
The value for org.jboss.seam.web.session doesn't contain the session ID.
How do I get the session ID from Contexts.getSession()?
Maybe you can use a classic HttpSessionListener to log what you need. Put in your web.xml:
...
<listener>
<listener-class>com.yourcompany.YourSessionListener</listener-class>
</listener>
...
The listener implementation is like this:
package com.yourcompany;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.apache.log4j.Logger;
public class YourSessionListener implements HttpSessionListener {
private static Logger log = Logger.getLogger(YourSessionListener.class);
public void sessionCreated(HttpSessionEvent event) {
log.info("creating http session: " + event.getSession().getId());
}
public void sessionDestroyed(HttpSessionEvent event) {
log.info("destroying http session: " + event.getSession().getId());
}
}
Good evening,
In a test JSF 2.0 web app, I am trying to get the number of active sessions but there is a problem in the sessionDestroyed method of the HttpSessionListener.
Indeed, when a user logs in, the number of active session increases by 1, but when a user logs off, the same number remains as it is (no desincrementation happens) and the worse is that, when the same user logs in again (even though he unvalidated the session), the same number is incremented.
To put that in different words :
1- I log in, the active sessions number is incremented by 1.
2- I Logout (the session gets unvalidated)
3- I login again, the sessions number is incremented by 1. The display is = 2.
4- I repeat the operation, and the sessions number keeps being incremented, while there is only one user logged in.
So I thought that method sessionDestroyed is not properly called, or maybe effectively called after the session timeout which is a parameter in WEB.XML (mine is 60 minutes).
That is weird as this is a Session Listener and there is nothing wrong with my Class.
Does someone please have a clue?
package mybeans;
import entities.Users;
import java.io.*;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.faces.bean.ManagedBean;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import jsf.util.JsfUtil;
/**
* Session Listener.
* #author TOTO
*/
#ManagedBean
public class SessionEar implements HttpSessionListener {
public String ctext;
File file = new File("sessionlog.csv");
BufferedWriter output = null;
public static int activesessions = 0;
public static long creationTime = 0;
public static int remTime = 0;
String separator = ",";
String headtext = "Session Creation Time" + separator + "Session Destruction Time" + separator + "User";
/**
*
* #return Remnant session time
*/
public static int getRemTime() {
return remTime;
}
/**
*
* #return Session creation time
*/
public static long getCreationTime() {
return creationTime;
}
/**
*
* #return System time
*/
private String getTime() {
return new Date(System.currentTimeMillis()).toString();
}
/**
*
* #return active sessions number
*/
public static int getActivesessions() {
return activesessions;
}
#Override
public void sessionCreated(HttpSessionEvent hse) {
// Insert value of remnant session time
remTime = hse.getSession().getMaxInactiveInterval();
// Insert value of Session creation time (in seconds)
creationTime = new Date(hse.getSession().getCreationTime()).getTime() / 1000;
if (hse.getSession().isNew()) {
activesessions++;
} // Increment the session number
System.out.println("Session Created at: " + getTime());
// We write into a file information about the session created
ctext = String.valueOf(new Date(hse.getSession().getCreationTime()) + separator);
String userstring = FacesContext.getCurrentInstance().getExternalContext().getRemoteUser();
// If the file does not exist, create it
try {
if (!file.exists()) {
file.createNewFile();
output = new BufferedWriter(new FileWriter(file.getName(), true));
// output.newLine();
output.write(headtext);
output.flush();
output.close();
}
output = new BufferedWriter(new FileWriter(file.getName(), true));
//output.newLine();
output.write(ctext + userstring);
output.flush();
output.close();
} catch (IOException ex) {
Logger.getLogger(SessionEar.class.getName()).log(Level.SEVERE, null, ex);
JsfUtil.addErrorMessage(ex, "Cannot append session Info to File");
}
System.out.println("Session File has been written to sessionlog.txt");
}
#Override
public void sessionDestroyed(HttpSessionEvent se) {
// Desincrement the active sessions number
activesessions--;
// Appen Infos about session destruction into CSV FILE
String stext = "\n" + new Date(se.getSession().getCreationTime()) + separator;
try {
if (!file.exists()) {
file.createNewFile();
output = new BufferedWriter(new FileWriter(file.getName(), true));
// output.newLine();
output.write(headtext);
output.flush();
output.close();
}
output = new BufferedWriter(new FileWriter(file.getName(), true));
// output.newLine();
output.write(stext);
output.flush();
output.close();
} catch (IOException ex) {
Logger.getLogger(SessionEar.class.getName()).log(Level.SEVERE, null, ex);
JsfUtil.addErrorMessage(ex, "Cannot append session Info to File");
}
}
} // END OF CLASS
I am retrieving the active sessions number this way:
<h:outputText id="sessionsfacet" value="#{UserBean.activeSessionsNumber}"/>
from another managedBean:
public String getActiveSessionsNumber() {
return String.valueOf(SessionEar.getActivesessions());
}
My logout method is as follow:
public String logout() {
HttpSession lsession = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
if (lsession != null) {
lsession.invalidate();
}
JsfUtil.addSuccessMessage("You are now logged out.");
return "Logout";
}
// end of logout
I'm not sure. This seems to work fine for a single visitor. But some things definitely doesn't look right in your HttpSessionListener.
#ManagedBean
public class SessionEar implements HttpSessionListener {
Why is it a #ManagedBean? It makes no sense, remove it. In Java EE 6 you'd use #WebListener instead.
BufferedWriter output = null;
This should definitely not be an instance variable. It's not threadsafe. Declare it methodlocal. For every HttpSessionListener implementation there's only one instance throughout the application's lifetime. When there are simultaneous session creations/destroys, then your output get overridden by another one while busy and your file would get corrupted.
public static long creationTime = 0;
public static int remTime = 0;
Those should also not be an instance variable. Every new session creation would override it and it would get reflected into the presentation of all other users. I.e. it is not threadsafe. Get rid of them and make use of #{session.creationTime} and #{session.maxInactiveInterval} in EL if you need to get it over there for some reason. Or just get it straight from the HttpSession instance within a HTTP request.
if (hse.getSession().isNew()) {
This is always true inside sessionCreated() method. This makes no sense. Remove it.
JsfUtil.addErrorMessage(ex, "Cannot append session Info to File");
I don't know what that method exactly is doing, but I just want to warn that there is no guarantee that the FacesContext is present in the thread when the session is about to be created or destroyed. It may take place in a non-JSF request. Or there may be no means of a HTTP request at all. So you risk NPE's because the FacesContext is null then.
Nonetheless, I created the following test snippet and it works fine for me. The #SessionScoped bean implicitly creates the session. The commandbutton invalidates the session. All methods are called as expected. How many times you also press the button in the same browser tab, the count is always 1.
<h:form>
<h:commandButton value="logout" action="#{bean.logout}" />
<h:outputText value="#{bean.sessionCount}" />
</h:form>
with
#ManagedBean
#SessionScoped
public class Bean implements Serializable {
public void logout() {
System.out.println("logout action invoked");
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
}
public int getSessionCount() {
System.out.println("session count getter invoked");
return SessionCounter.getCount();
}
}
and
#WebListener
public class SessionCounter implements HttpSessionListener {
private static int count;
#Override
public void sessionCreated(HttpSessionEvent event) {
System.out.println("session created: " + event.getSession().getId());
count++;
}
#Override
public void sessionDestroyed(HttpSessionEvent event) {
System.out.println("session destroyed: " + event.getSession().getId());
count--;
}
public static int getCount() {
return count;
}
}
(note on Java EE 5 you need to register it as <listener> in web.xml the usual way)
<listener>
<listener-class>com.example.SessionCounter</listener-class>
</listener>
If the above example works for you, then your problem likely lies somewhere else. Perhaps you didn't register it as <listener> in web.xml at all and you're simply manually creating a new instance of the listener everytime inside some login method. Regardless, now you at least have a minimum kickoff example to build further on.
Something in a completely different direction - tomcat supports JMX. There is a JMX MBean that will tell you the number of active sessions. (If your container is not tomcat, it should still support JMX and provide some way to track that)
Is your public void sessionDestroyed(HttpSessionEvent se) { called ? I don't see why it won't increment. After the user calls session.invalidate() through logout, the session is destroyed, and for the next request a new one is created. This is normal behavior.