How to implement HttpSessionListener

The HttpSessionListenerinterface is used to monitor when sessions are created and destroyed on the application server. Its best practical use would be to track session use statistics for a server. To receive notification events, the implementation class must be configured in the deployment descriptor for the web application. This entry points the server to a class that will be called when a session is created or destroyed. The entry required is simple. All you need is a listener and listener-class element in the following format. The listener-class element must be a fully qualified class name.


The HttpSessionListenerinterface has two methods:

  • public void sessionCreated(HttpSessionEvent se) : Notification that a session was created.
  • public void sessionDestroyed(HttpSessionEvent se) : Notification that a session is about to be invalidated.

The following example demonstrates how these methods may be used:

package com.test.mypackage;
import javax.servlet.*;
import javax.servlet.http.*;
import java.util.Date;

public class MyHttpSessionListener implements HttpSessionListener
    public void sessionCreated(HttpSessionEvent se)
        HttpSession session = se.getSession();
        System.out.print(getTime() + " (session) Created:");
        System.out.println("ID=" + session.getId() + " MaxInactiveInterval="
 + session.getMaxInactiveInterval());
    public void sessionDestroyed(HttpSessionEvent se)
        HttpSession session = se.getSession();
        // session has been invalidated and all session data
//(except Id)is no longer available
        System.out.println(getTime() + " (session) Destroyed:ID="
+ session.getId());
    private String getTime()
        return new Date(System.currentTimeMillis()).toString();

There is no distinct difference between session timeout and session invalidation from the perspective of the session object. Other HttpSession API methods may be used to determine timeout and invalidation values. The HttpSessionListener and HttpSessionAttributeListener is defined in <listener> in your web.xml file. They are “application-wide”, they manage all the session in your web-application! And they are instanticated by your web-container. Even if your session attribute implements HttpSessionListener or HttpSessionAttributeListener, but you do not define that in web.xml, there is NO HttpSessionListener or HttpSessionAttributeListener instance in your web-application at all! (If you just create an HttpSessionListener instance by your own, it won’t work because your web-application does not know at all, it only checks the web.xml).


Posted on October 4, 2011, in Servlet and tagged , , , , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: