Bug 27273 - HttpSessionListener receives sessionDestroyed() event twice per timed-out HTTP session
Status: RESOLVED DUPLICATE of bug 25234
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina
Version: 5.0.16
Hardware: All Windows XP
Importance: P3 major
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Reported: 2004-02-26 22:40 UTC by Alexey Verkhovsky
Modified: 2004-11-16 19:05 UTC

Description Alexey Verkhovsky 2004-02-26 22:40:58 UTC
Register a listener of type HttpSessionListener in web.xml. Make it log calls 
to sessionCreated() and sessionDestroyed(). Invoke a servlet to create a new HTTP 
session. Within the servlet code, set the session timeout to something like 5 
seconds. Close the client app. Slowly count to 5. See the listener's log.

Expected: one call to sessionCreated() and one to sessionDestroyed().
Actual: one call to sessionCreated(), as expected, then two calls to 
sessionDestroyed(). In both calls to sessionDestroyed(), event.getSession() 
returns a reference to the same session object.


HttpSessionListener receives sessionDestroyed() event twice. 

Here is a quote from org.apache.catalina.session.StandardManager:

    public void processExpires() {

        long timeNow = System.currentTimeMillis();
        Session sessions[] = findSessions();

        for (int i = 0; i < sessions.length; i++) {
            StandardSession session = (StandardSession) sessions[i];
            if (!session.isValid()) {
                try {
                    session.expire();
                } catch (Throwable t) {
                    log.error(sm.getString
                              ("standardManager.expireException"), t);
                }
            }
        }

        long timeEnd = System.currentTimeMillis();
        processingTime += ( timeEnd - timeNow );

    }


The problem, apparently, is that the session.expire() method is invoked not only 
directly from the above quoted method (StandardManager.java:815), but also from 
the session.isValid() method.

I am not familiar enough with the Tomcat codebase to try and suggest a fix, but a method 
called "isValid" doing something other than assessing and reporting the session 
state to its caller seems strange.
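
The interaction the report describes, as an added example that is neither Tomcat source code nor the fix applied for bug 25234: a simplified model in which a validity check expires the session as a side effect and the caller then calls expire() again, next to a variant whose expire() is idempotent. All class, field and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model, not Tomcat source: every name here is hypothetical.
public class SessionExpiryDemo {

    static class ModelSession {
        final List<String> events = new ArrayList<>(); // stands in for the listener's log
        final boolean guarded;                         // true = expire() is idempotent
        private boolean valid = true;
        private boolean expired = false;
        private final long deadline;                   // constructed timeout instant (ms)

        ModelSession(long deadline, boolean guarded) {
            this.deadline = deadline;
            this.guarded = guarded;
        }

        // Validity check with a side effect, as the report describes.
        boolean isValid(long now) {
            if (valid && now >= deadline) {
                expire();
            }
            return valid;
        }

        void expire() {
            if (guarded && expired) {
                return; // already torn down: do not notify listeners again
            }
            expired = true;
            valid = false;
            events.add("sessionDestroyed");
        }
    }

    // Same shape as the quoted loop body: check validity, then expire.
    static int destroyedEvents(boolean guarded) {
        ModelSession s = new ModelSession(5_000L, guarded);
        if (!s.isValid(6_000L)) {
            s.expire();
        }
        return s.events.size();
    }

    public static void main(String[] args) {
        System.out.println("unguarded expire(): " + destroyedEvents(false) + " event(s)");
        System.out.println("guarded expire():   " + destroyedEvents(true) + " event(s)");
    }
}
```

A listener that decrements an active-session counter or writes an audit record in sessionDestroyed() acts twice per session in the unguarded case.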
Comment 1 Remy Maucherat 2004-02-26 22:54:14 UTC

*** This bug has been marked as a duplicate of 25234 ***