I think I may have been a little unclear in my explanation. I have a system of object for security checking. The only object that is used in the web part of my application is a proxy to my User objects. This proxy also implements the HttpSessionBindingListener interface. In the valueUnbound() method, I call to my logic bean that handles the logout actions with a reference to the proxied object. This is the only place I call the logout logic from with the web portion of the application.
The (struts based) LogoutAction I created does nothing but invalidate the session. This causes the valueUnbound method to be called. This chains to the logout logic. When the session times out on its own, the valueUnbound method is also called, hence, the logout logic again is called. Sorry if I didn't explain that clearly before. _____________________________________________________ Jason, Your solution covers the log off case. How about session time out, say, a user leave a page of the application and browse another site. There isn't log off action in this case.
