I have an object representing a user that acts as a proxy into my security framework. It implements HttpSessionBindingListener, and its valueUnbound method calls my logout logic, which includes removing the user from the set of currently logged-in users, as well as DB updates and some other little things.
The user's explicit logout action just has to invalidate the session in this scenario.

HTH
Jason

_______________________________________________________________

In order to keep track of who is online, I need to keep a list of online users. When a user signs in, which can have more than one route, an account information object is created. The class implements the HttpSessionBindingListener interface. The user id is added to the list in the valueBound method. I would like to have a single place to remove the user id from the list when the user signs out or the session times out. The valueUnbound method is not a good place, since the session is already invalidated when the invalidate method is called. The sessionDestroyed method of the HttpSessionListener interface isn't the right place either. Any suggestions?
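Added example, not part of the original thread: a sketch of the pattern described in the reply, where the session-bound object carries the user id itself so that valueUnbound never needs to read the session. The names OnlineUser, ONLINE and SESSION_KEY are hypothetical, the javax.servlet API is assumed, and the per-user session count is an addition that goes beyond the thread so a user with two live sessions stays listed until both end.

```java
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

// Hypothetical class for illustration; not code from the thread.
public final class OnlineUser implements HttpSessionBindingListener {
    public static final String SESSION_KEY = "onlineUser"; // assumed attribute name

    // user id -> number of live sessions currently holding that user
    private static final ConcurrentMap<String, Integer> ONLINE = new ConcurrentHashMap<>();

    // Kept in the object so cleanup does not depend on session state.
    private final String userId;

    public OnlineUser(String userId) { this.userId = userId; }

    @Override
    public void valueBound(HttpSessionBindingEvent event) {
        ONLINE.merge(userId, 1, Integer::sum);
    }

    @Override
    public void valueUnbound(HttpSessionBindingEvent event) {
        // Called on explicit invalidate(), on timeout, and on removeAttribute().
        // The session may already be invalid here, so use only this object's fields.
        ONLINE.computeIfPresent(userId, (id, n) -> n > 1 ? n - 1 : null);
        // DB updates and other logout work belong here as well.
    }

    public static Set<String> onlineUserIds() {
        return Collections.unmodifiableSet(ONLINE.keySet());
    }

    // Every sign-in route calls this once the user is authenticated.
    public static void signIn(HttpSession session, String userId) {
        session.setAttribute(SESSION_KEY, new OnlineUser(userId));
    }

    // Explicit logout only invalidates; valueUnbound performs the cleanup.
    public static void signOut(HttpSession session) {
        if (session == null) return;
        try {
            session.invalidate();
        } catch (IllegalStateException alreadyInvalid) {
            // Session was already invalidated, so valueUnbound has already run.
        }
    }
}
```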

