While the user can delete the cookie that is associated with the session, the server will consider the session valid until it times out, as the user is unable to end the session manually. If you add in a link/button that says "Remove my session from server" and then have the application invalidate the session, the listener would still log it the same as if the server did it automatically, but you also now have control over logging that.
I might be wrong (a famous saying) but I don't know how effective the Filter version of the system will be, as it needs to be invoked via a request in order to process/expire the session. The listener is able to log sessions as they end, and not require a user to hit the filter first. (If a user goes inactive, the session will expire, and the listener will catch it and log it) -----Original Message----- From: David Kerber [mailto:[EMAIL PROTECTED] Sent: Thursday, February 09, 2006 11:09 AM To: Tomcat Users List Subject: Re: Logging session timeouts That got me going; thanks! One more question: Is there any way of telling if the session was actively invalidated, or if it timed out? Looking at the docs for HttpSessionBindingEvent, I don't see any differentiation between them. That's not a big deal, but would be nice to have. Dave --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
