Q
Problem solve Get help with specific problems with your technologies, process and projects.

How do I dynamically invalidate a session if HttpSessionContext is deprecated?

How do I dynamically invalidate a session? According to J2EE SDK1.3, HttpSessionContext is deprecated.

As of the release of the Java Servlet API 2.1, HttpSessionContext has been deprecated. Now, the session object (embodied within an instance of a class implementing the HttpSession interface) is retrieved using HttpServletRequest methods:

   HttpSession getSession();
      or 
   HttpSession getSession(boolean create);

From the HttpSession object, you can retrieve the unique session ID with the method:

   String getId();

With the HttpSession object, you can also dynamically invalidate the session using the method:

   void invalidate();

The invalidate() method, invalidates the current session and unbinds any objects that were previously bound to it. If the session is already invalid, the invalidate() method will throw an IllegalStateException.

An object can be notified when it is bound to a session or unbound from a session simply by implementing the HttpSessionBindingListener interface. When an object is bound to a session (using the HttpSession method, setAttribute(String name, Object value)) or unbound from a session (using the HttpSession method, removeAttribute(String name)), the session checks to see whether or not the object implements the HttpSessionBindingListener interface. If it does, the object is notified that it has been bound to the session or unbound from the session via the callback methods valueBound(HttpSessionBindingEvent event) and valueUnbound(HttpSessionBindingEvent event) respectively.

Let's take a look at how this all plays out. First we will implement a simple class that implements the HttpSessionBindingListener interface:

public class MySessionListener implements HttpSessionBindingListener 
{ 
   public void valueBound(HttpSessionBindingEvent event) 
   { 
      System.out.println("I am bound to session: " 
                         + getSession().getId()); 
   } 

   public void valueUnbound(HttpSessionBindingEvent event) 
   { 
      System.out.println("I am unbound from session: " 
                         + getSession().getId()); 
   } 
} 

Now, let's take a look at how we do the actually binding and unbinding. We will assume our servlet has been sent a POST request and we are handling it in our doPost method:

protected void doPost(HttpServletRequest req, 
                         HttpServletResponse res) 
      throws ServletException, java.io.IOException 
   { 
      // Retrieve the existing session. 
      // If a session doesn't exist, the parameter "true" 
      // will cause one to be created. 
      HttpSession session = req.getSession(true); 

      // Now, we can add/bind our listener object 
      // to the session. 
      session.setAttribute("MySessionListener", 
                           new MySessionListener()); 

      // Now, for fun, let's remove/unbind our 
      // object from the session. 
      session.removeAttribute("MySessionListener"); 

      // Now, let's dynamically invalidate the session 
      session.invalidate(); 
   }

This was last published in October 2002

Dig Deeper on Microservices pattern, platforms and frameworks

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide.com

SearchWinDevelopment

DevOpsAgenda

Close