java - HttpSessionListener not detecting session timeout

Question

I have an implementation of javax.servlet.http.HttpSessionListener that is supposed to detect user session invalidation/timeout in a Struts project.

The sessionDestroyed() never seems to be getting called, I can reproduce this by deleting my JSESSIONID and refreshing the page. I also find that leaving the browser open until the session times out has the same effect.

The site is running in JBoss 4.2.3.GA with Java 1.5.

I'm starting to suspect that HttpSessionListener does not do what I expect it to, am I missing something?

Edit :

My listener is registered in my web.xml as follows:

<listener>
    <listener-class>com.domain.web.listener.LogoutListener</listener-class>
</listener>

Answer 1

The sessionDestroyed() method is not called until the web container expires the session. The server doesn't know you deleted the JSESSIONID cookie, your browser just looks like another new session.

From what I've seen with Tomcat, and I believe it's up to each web container implementation, session expirations happens every minute. So even after the session times out there could be a delay until the next detection of expirations.

It should definitely happen eventually though. Especially if you set the timeout to a minute and wait a few minutes. Note the timeout is specified in minutes, so one minute is the minimum to test with. I assume you have your listener registered in your web.xml file?