Start Invalidating session in jsf

Invalidating session in jsf

After much head scratching, staring at ADF BC help documentation to see if there was a solution, a case of Java brain freeze, I finally posted on the JDev OTN forum for assistance.

With the session Created() and session Destroyed() methods within the Http Session Listener, we now have an ideal place to write-and-read values to-and-from the implicit J2EE session scope to capture the user logging in and out.

For example: For example you see in the session Created() method that we can set a session variable Login Date Time = System.current Time Millis, then in the session Destroyed() method we can retrieve the Login Date Time and later write that to the database via a JDBC call. Within Http Session Listener, we have no way to get at the authenticated user's details (essentially their account name).

Thus when the session Destroyed() method is called it has an actual User to work with.

To configure the Filter in the file you include the following entries: Now the listener can grab the user name from the session scope supplied via the filter. There are a couple of caveats with this solution: The user's credentials (account name) can only be retrieved by the Filter if the user has or is visiting a J2EE container based protected page of the application.

I recently had a requirement to record when users log-in and out of my ADF application, as well as time-out of the application after an inactive period.

As part of the requirement the user's name, login datetime, and logout/timeout datetime needed to be written to the database.

Whenever a new user accesses a web page within our application. Either when the user logs out of the session through a facility supplied by the programmer that calls the session.invalidate() method.