We receive the sessionWillPassivate and sessionDidActivate callbacks on startup. Odd that you are not. That's how we achieve the same.
On Thu, Mar 21, 2024 at 3:25 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > All, > > After having written a solution using JMX to do something like this, I'd > like to make it cleaner and I'm not sure it's entirely possible using > just Servlet APIs. > > I'd like to be able to track every HttpSession for the application. > > for admin purposes, I'd like to be able to analyze: > > 1. The total number of sessions > > 2. The number of sessions which represent a logged-in user vs a > crawler-session or someone who visited the home-page and got a session > but never logged-in > > 3. Checking-out some specific roles of those logged-in users e.g. > end-user, staff, admin > > 4. Be able to kill a session at will. For example "chris is already > logged-in, kill his old session and let the new login remain" > > I started with the obvious HttpSessionListener + > HttpSessionActivationListener, but I tried this experiment and it didn't > turn out how I expected: > > 1. Start the application and hit the front page > > -> I get a call to HttpSessionListener.sessionCreated (expected) > > 2. Login > > 3. Logout > > -> I get a call to HttpSessionListener.sessionDestroyed (expected) > -> I get a call to HttpSessionListener.sessionCreated (expected) > (this second one happens because our home-page creates a session) > > 4. Login again > > 5. Stop Tomcat > > -> No calls to anything I can see > > 6. Start Tomcat > > -> No calls to anything I can see > > 7. Access a protected page > > -> Access is allowed; I'm still logged-in. > > When Tomcat shuts-down, it's saving the sessions using local > persistence[1]. When the application comes back up, all those sessions > are restored from the disk. > > When my HttpSeessionListener starts, it's empty and doesn't know about > any sessions. Tomcat doesn't notify it that any sessions are coming from > that storage. > > I would have expected calls to > HttpSessionActivationListener.sessionWillPassivate and > HttpSessionActivationListener.sessionDidActivate. > > Do I have unrealistic expectations? Is there a way to capture these > events so my in-memory session-watcher/manager is able to have an > accurate view of what Tomcat can see? > > Thanks, > -chris > > [1] > > https://tomcat.apache.org/tomcat-8.5-doc/config/manager.html#Persistence_Across_Restarts > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >