tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin O'Shea" <>
Subject RE: Detecting a login or logoff event
Date Thu, 06 Oct 2011 14:19:42 GMT
I had thought to use scriptlets.

But I've rigged a filter on the server which tests for the mappings of the few protected pages
which require logins. It seems to work and update session variables which is what I'm after.
My issue is that a session may well have been created prior to login so using a listener here
via sessionCreated may not be useful.

Detecting a logoff is easier using the sessionDestroyed method.

-----Original Message-----
From: Caldarale, Charles R [] 
Sent: 06 Oct 2011 15 05
To: Tomcat Users List
Subject: RE: Detecting a login or logoff event

> From: Martin O'Shea []
> Subject: Detecting a login or logoff event

> I need to be able to intercept a successful authentication of a login 
> / logout request which can then be used to make a series of system 
> updates to record the fact.

> I am thinking about scriptlets in the pages served testing the 
> request's servlet path after login is successful

If the integrity of your information is dependent on actions of the client, you have no data
integrity.  There's nothing stopping a client from disabling scripts, running their own scripts,
or doing anything else by accident or intent - you cannot control that.  Anything you do for
tracking must be done on the server side.

You probably can use a filter, but a Listener might be more appropriate.  See section 10 of
the servlet spec.  (Make sure you're looking at the current spec for the Tomcat version you're
using; the 2.2 spec you referenced earlier is badly out of date.)

 - Chuck

for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message