Dec 22nd, 2010, 01:27 PM
issue for tracking online active users
Based on the introduciton from book of "Spring Security 3", we can use SessionRegistry to retrieve all the active online users by this simple line:
The issue is if user use login/logout, this method will give accurate number, but mostly, people just leave the page without logout, in this case, sessionRegistry will always have those users in memory.
Are there anyway to detect the activity for those inactive users and give accurate number for online active users?
Dec 22nd, 2010, 07:24 PM
Do you have the HttpSessionEventPublisher specified in your web.xml as specified in the Session Management portion of the reference?
Dec 22nd, 2010, 07:42 PM
yes for sure, I put
in the web.xml
The thing is if user just close the browser, I can not see any way to notify the back end server for session destroy. and the session will be there forever.
Have you ever tried that and see if live online user can be calculated accurately?
Dec 22nd, 2010, 07:50 PM
In this scenario, after a specified amount of time the session will expire based upon time. As soon as the session expires, the session information is removed from Spring Security. Then configuration for the expiration time is typically done in the web.xml Note the accuracy of the container can vary a bit (i.e. it may not be exact amount of time till it expires).
Dec 22nd, 2010, 07:55 PM
That's what I guess. Can you point me how to set the duration for session expiration?
Dec 22nd, 2010, 08:04 PM
This isn't anything Spring Security specific and your favorite search engine should be able to help by searching for web.xml session timeout.