Joey Geiger wrote:
While the user can delete the cookie that is associated with the session,
the server will consider the session valid until it times out, as the user
is unable to end the session manually. If you add in a link/button that says
"Remove my session from server" and then have the application invalidate the
session, the listener would still log it the same as if the server did it
automatically, but you also now have control over logging that.
That's essentially what I have: a "log out" link, whch logs it and
calls session.invaildate(), but I know not all my users use it.
I might be wrong (a famous saying) but I don't know how effective the Filter
version of the system will be, as it needs to be invoked via a request in
order to process/expire the session. The listener is able to log sessions as
they end, and not require a user to hit the filter first. (If a user goes
inactive, the session will expire, and the listener will catch it and log
it)
-----Original Message-----
From: David Kerber [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 09, 2006 11:09 AM
To: Tomcat Users List
Subject: Re: Logging session timeouts
That got me going; thanks!
One more question:
Is there any way of telling if the session was actively invalidated, or
if it timed out? Looking at the docs for HttpSessionBindingEvent, I
don't see any differentiation between them. That's not a big deal, but
would be nice to have.
Dave
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
