Package dyntabs.scope

Class TabScopeSessionListener

java.lang.Object
dyntabs.scope.TabScopeSessionListener
All Implemented Interfaces:
jakarta.servlet.http.HttpSessionIdListener, jakarta.servlet.http.HttpSessionListener, EventListener

@WebListener
public class TabScopeSessionListener
extends Object
implements jakarta.servlet.http.HttpSessionListener, jakarta.servlet.http.HttpSessionIdListener

A combined HttpSessionListener and HttpSessionIdListener that:
  1. Destroys all @TabScoped beans when an HTTP session expires or is invalidated
  2. Tracks session ID changes (session fixation protection) and migrates beans from the old ID to the new one

Why HttpSessionIdListener? When a user logs in, the servlet container changes the session ID to protect against session fixation attacks. Without this listener, beans would remain "trapped" under the old session ID and would never be cleaned up.

This listener is automatically registered via the @WebListener annotation. If automatic registration does not work (e.g. due to scanning configuration), it can be registered in web.xml:

 
 <listener>
     <listener-class>dyntabs.scope.TabScopeSessionListener</listener-class>
 </listener>
 
 
Author:
DynTabs
  • Constructor Details

    • TabScopeSessionListener

      public TabScopeSessionListener()
  • Method Details

    • sessionCreated

      public void sessionCreated(jakarta.servlet.http.HttpSessionEvent se)
      Called when a new HTTP session is created. Only logs the session creation for debugging purposes.
      Specified by:
      sessionCreated in interface jakarta.servlet.http.HttpSessionListener
      Parameters:
      se - HttpSessionEvent with session information
    • sessionDestroyed

      public void sessionDestroyed(jakarta.servlet.http.HttpSessionEvent se)
      Called when an HTTP session expires or is invalidated.

      Destroys all @TabScoped beans associated with that session, calling @PreDestroy methods on each bean and releasing resources.

      Specified by:
      sessionDestroyed in interface jakarta.servlet.http.HttpSessionListener
      Parameters:
      se - HttpSessionEvent with session information
    • sessionIdChanged

      public void sessionIdChanged(jakarta.servlet.http.HttpSessionEvent se, String oldSessionId)
      Called when the servlet container changes the session ID.

      This happens during:

      • Login (session fixation protection)
      • Explicit call to HttpServletRequest.changeSessionId()

      Migrates all @TabScoped beans from the old session ID to the new one, so beans remain accessible after the ID change.

      Specified by:
      sessionIdChanged in interface jakarta.servlet.http.HttpSessionIdListener
      Parameters:
      se - HttpSessionEvent with the new session ID
      oldSessionId - the previous session ID
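
The re-keying that sessionIdChanged describes, shown as an added sketch that is not the DynTabs implementation. The class name SessionKeyedStoreListener, the STORE map, the beansFor helper and the use of AutoCloseable in place of @PreDestroy callbacks are assumptions made for illustration.

```java
import jakarta.servlet.http.HttpSessionEvent;
import jakarta.servlet.http.HttpSessionIdListener;
import jakarta.servlet.http.HttpSessionListener;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical listener (not DynTabs code): per-session objects live in a map
// keyed by session ID, so the key has to follow the ID when the container rotates it.
public class SessionKeyedStoreListener implements HttpSessionListener, HttpSessionIdListener {

    // sessionId -> (bean name -> bean); AutoCloseable stands in for @PreDestroy.
    static final Map<String, Map<String, AutoCloseable>> STORE = new ConcurrentHashMap<>();

    static Map<String, AutoCloseable> beansFor(String sessionId) {
        return STORE.computeIfAbsent(sessionId, id -> new ConcurrentHashMap<>());
    }

    @Override
    public void sessionIdChanged(HttpSessionEvent se, String oldSessionId) {
        // Move the entry from the pre-login ID to the new one. Without this the
        // beans stay under oldSessionId, which no later sessionDestroyed event
        // will ever name, so they are never cleaned up.
        Map<String, AutoCloseable> beans = STORE.remove(oldSessionId);
        if (beans != null) {
            STORE.merge(se.getSession().getId(), beans, (existing, moved) -> {
                existing.putAll(moved);
                return existing;
            });
        }
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        // Remove first so no other thread can look the beans up while they close.
        Map<String, AutoCloseable> beans = STORE.remove(se.getSession().getId());
        if (beans == null) {
            return;
        }
        for (AutoCloseable bean : beans.values()) {
            try {
                bean.close();
            } catch (Exception e) {
                // One failing bean must not stop the rest from being released.
            }
        }
    }
}
```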