cancel
Showing results for 
Search instead for 
Did you mean: 

sessionDestroyed gets called AFTER session was invalidated by SAP!

Former Member
0 Kudos

Hi,

In a HttpSessionListener-implementation class, we put some code to log off the user in our application (we're keeping a seperate user-table in our app).

The thing is, we need the session-id for doing this. If you read the JavaDoc on the sessionDestroyed method of the HttpSessionListener-interface, it says that sessionDestroyed would get called when the session IS ABOUT TO BE invalidated.

It seems to us, though, that it gets called AFTER invalidation, because both session.getID() and session.getAttribute(...) throw an IllegalStateException in the code shown below!

Anyone got any idea? Is this an SAP bug?

public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {

try {

HttpSession session = httpSessionEvent.getSession();

// ANG 20-11-2006 Als de http-sessie een timeout heeft, kan het zijn dat de hibernate-sessie nog wel leeft,

// en een nog openstaande transacties heeft.

// de frontcontroller sessies moeten allemaal geunlocked (en daarmee gerollbacked?) worden

OnderhoudFrontController onderhoudFrontController = (

OnderhoudFrontController) session.getAttribute( Keys.ONDERHOUDFRONTCONTROLLERKEY );

if (onderhoudFrontController != null) {

onderhoudFrontController.unlockAll();

}

UserManager userManager = UserManagerFactory.getUsermanager();

//Haal de username op aan de hand van de sessionID.

String username = userManager.getUsernameBySessionID(session.getId());

if (username!=null && username.length()>0) {

//Log de user uit. Let op: dit gebeurt dus obv username!

/**@todo Uitloggen obv sessionID ipv gebruikersnaam!

*/

userManager.logoutUser(username, session.getId());

}

session.removeAttribute(UserManager.ATT_USERPRINCIPAL);

SessionManager.removeInvalidSession(session.getId());

session.invalidate();

} catch(IllegalStateException ise) {

//SAP NetWeaver 7.0 bug! De sessie is in deze methode al invalid, terwijl de API

//voorschrijft dat deze methode wordt aangeroepen vlak VOOR de sessie invalid wordt gemaakt!

//De session is dus invalid. Hierop mag je geen getId() en getAttribute() aanroepen want dat

//resulteert in deze exception.

//Slik deze maar in, want hij berokkent geen schade maar komt anders wel veelvuldig in de SAP-log

//voor....

//Op JBoss gaat dit wel goed.

}

}

Accepted Solutions (0)

Answers (1)

Answers (1)

0 Kudos

Hi,

I saw in the comments of your code that you are using SAP NetWeaver 7.0. This version is J2EE 1.3 compliant which means that Servlet container is based on Servlet 2.3 specification version. And in the JavaDoc there the text is the following:

sessionDestroyed - Notification that a session was invalidated.

The change came with Servlet spec ver 2.4 when the behavior was changed to the one you mentioned above.

So from our perspective this is not a bug.

Regards,

Diyan