All,
After having written a solution using JMX to do something like this, I'd
like to make it cleaner and I'm not sure it's entirely possible using
just Servlet APIs.
I'd like to be able to track every HttpSession for the application.
for admin purposes, I'd like to be able to analyze:
1. The total number of sessions
2. The number of sessions which represent a logged-in user vs a
crawler-session or someone who visited the home-page and got a session
but never logged-in
3. Checking-out some specific roles of those logged-in users e.g.
end-user, staff, admin
4. Be able to kill a session at will. For example "chris is already
logged-in, kill his old session and let the new login remain"
I started with the obvious HttpSessionListener +
HttpSessionActivationListener, but I tried this experiment and it didn't
turn out how I expected:
1. Start the application and hit the front page
-> I get a call to HttpSessionListener.sessionCreated (expected)
2. Login
3. Logout
-> I get a call to HttpSessionListener.sessionDestroyed (expected)
-> I get a call to HttpSessionListener.sessionCreated (expected)
(this second one happens because our home-page creates a session)
4. Login again
5. Stop Tomcat
-> No calls to anything I can see
6. Start Tomcat
-> No calls to anything I can see
7. Access a protected page
-> Access is allowed; I'm still logged-in.
When Tomcat shuts-down, it's saving the sessions using local
persistence[1]. When the application comes back up, all those sessions
are restored from the disk.
When my HttpSeessionListener starts, it's empty and doesn't know about
any sessions. Tomcat doesn't notify it that any sessions are coming from
that storage.
I would have expected calls to
HttpSessionActivationListener.sessionWillPassivate and
HttpSessionActivationListener.sessionDidActivate.
Do I have unrealistic expectations? Is there a way to capture these
events so my in-memory session-watcher/manager is able to have an
accurate view of what Tomcat can see?
Thanks,
-chris
[1]
https://tomcat.apache.org/tomcat-8.5-doc/config/manager.html#Persistence_Across_Restarts
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org