1 Reply Latest reply on Mar 20, 2009 12:42 PM by nimo22

    Session Management - how to destroy any session context

    raimundhoelle
    raimundhoelle Aug 13, 2008 10:10 PM

      Hello,


      i need for some reasons to end a HTTP Session or, at least, destroy the session & conversation contexts of the session (reasons see below post if you want know).


      I've tried the following:


      General, i track all existing sessions in an application scoped component, including HTTP session ID, user name and so on.



      First try: Using JMX MBean, e. g.:




      ObjectName objName = new ObjectName("jboss.web:host=localhost,path=/MyApp,type=Manager");
mbeanServer.invoke(objName, "expireSession", 
                           new String[] { sessionInfo.getHttpSessionId() },
                           new String[] { "java.lang.String" });



      This works very well if using outside the application (e. g. using the JMX console). If i try that inside the application (using own management views) i get the following exception:


      ERROR [[/MyApp]] Session event listener threw exception
java.lang.IllegalStateException: Please end the HttpSession via Seam.invalidateSession()
        at org.jboss.seam.contexts.Lifecycle.endSession(Lifecycle.java:221)





      Second try:



      I track also the SEAM session-Object:


      Session session = Session.instance();



      Then, later, i call


      session.invalidate();



      That works, but: the session context will not deleted until a HTTPP request of the killed session! (Like SEAM's conversation timeout facility).


      So this helps just as little as the first try.


      Has anyone an idea to solve that problem?


      Many regards,
      Raimund


      P.S. Why do i need that?
      The problem is that a conversation writes some logical locking flags to the database to avoid concurrently access to specific objects. These flags will be reset if the conversation ends (t. m. a conversation scoped bean is destroyed).


      If now the user closes the browser without ending the action properly the object will be locked until a session timeout.


      Unfortunately, SEAM conversation timeout does not help because it is detected only on a request of the session - which never will occur.


      Currently, the session timeout is relatively long (30 Minutes) to prevent the user from permanently reconnect if they - for example - are disturbed by a phone call.

        • 1. Re: Session Management - how to destroy any session context
          nimo22
          nimo22 Mar 20, 2009 12:42 PM (in response to raimundhoelle)

          Any solutions for that?


          I use


          HTTPSession.invalidate() and tolerate the advise:



          Please end the HttpSession via org.jboss.seam.web.Session.instance().invalidate()

          I guess, it is a advise and not a error, as when I explicitly delete the HTTP-session, then the session is destroyed and so the SEAM-Session, too.


          Am I right?

            • Actions