tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Johnny Kewl" <>
Subject Re: Programmatically detecting login or logout events
Date Mon, 28 Jul 2008 11:12:49 GMT

----- Original Message ----- 
From: "MartinOShea" <>
To: <>
Sent: Monday, July 28, 2008 10:15 AM
Subject: Programmatically detecting login or logout events

> Hello
> I'm trying to find a way to detect the events caused when a user logs into
> or logs out of an application I'm working on. I want to record these 
> events
> so that I know the exact steps a user has taken through the application's
> JSPs and servlets. I want to do this without reference to the Apache 
> Tomcat
> server logs as well.
> I have tried the following code in index.jsp (which is serving as each
> user's home page):
> <% if (request.getParameter("logoff") != null) {
>       session.invalidate();
>       response.sendRedirect("/myDataSharer/jsp/user/index.jsp");
>       return;
> } %>
> And I have tried using variations like:
> <% if (request.getParameter("logon") == true) {
> But without success.
> I have used request.getRemoteUser() at various points in the application 
> to
> identify the current user when they are authenticated by Apache Tomcat.
> However, request.getRemoteUser() does not tell me when the  user logged in
> or off.
> Does anyone know a way that the login and logout events can be recorded by
> an event in a program, a session object and so on?

Martin the problem is that even when you invalidat the session... the 
browser itself still knows that the user is cool...
So TC will send it a new session ID and it will return the info without even 
asking the user to logon as such...

Even when a user opens a new page in the browser... it knows they "still" 
Until the browser is closed they logged on ;)
And there is no direct "the browser is gone event"... browsers are stateless 
yada yada

if request.getRemoteUser() has the users name... they on... you dont know 
when they off

but you can track the user... either you have that in every page and if you 
get a name you record time page url...
or you can stick that in a filter... which sits in front of all your pages, 
so you dont have to doctor every page on a site...

You know when they in... you dont know when they gone..
Some security systems do have the ability to timeout dormant browsers... ie 
the user has left it open and left their desk, but TC I dont think can do 
that without addon tools.

request.getRemoteUser()  in a filter will do what you need I think... you 
can track em... but you dont know when they having lunch ;)

Good Luck
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action :

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message