The sessionCreated() method is called twice for each new session. Test code: public class MyListener implements HttpSessionListener { public void sessionCreated(HttpSessionEvent hse) { HttpSession session = hse.getSession(); System.out.println("Created called: " + session.getId()); System.out.println("isNew(): " + session.isNew()); } } Result: Created called: F054C065430771A554A54117C113D446 isNew(): true Created called: F054C065430771A554A54117C113D446 isNew(): true
On further experimentation, I noticed that this error only occurs when I define the tag library that contains the listener in the web.xml file with a taglib element. If I rely on auto-discovery of tag libraries, everything works fine. Most likely, the listener is registered once when the container processes the TLD it finds through auto-discovery, and then again when it finds the TLD through the web.xml definition. Checking whether a TLD has already been processed before registering listeners should fix the problem.
This problem will be addressed later. It only affects people which: * Explicitly have a <taglib> element in your web.xml file * This <taglib> element refers to a JAR file, not a TLD file * There is a TLD inside this JAR file that defines a listener.
Reopen.
I've added a chack which should prevent registering the same listener twice.
I am seeing symptoms of this bug in tomcat 4.1.12 and 4.1.18 on Linux 7.2 I use the following code for the HttpSessionListener.sessionCreated() method: public void sessionCreated(HttpSessionEvent event) { try { Object sessionId = event.getSession().getId(); System.out.println("SessionCounter.sessionCreated called for id: "+sessionId); System.out.println("SessionCounter.sessionCreated isNew="+event.getSession ().isNew()); if(! (sessionList.contains(sessionId)) ){ sessionList.add(sessionId); totalSessionCount++; currentSessionCount++; if (currentSessionCount > maxSessionCount) { maxSessionCount = currentSessionCount; } if (context == null) { storeInServletContext(event); } } } catch(Exception e) { e.printStackTrace(); } } Please note: I'm using the vector to hold the sessionId so that I can avoid the double counting. However, the problem occurs without the added code. The web.xml is as follows: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <filter> <filter-name>RedirectFilter</filter-name> <filter-class>com.checkpoint.webapp.filter.RedirectFilter</filter-class> <init-param> <param-name>maxActiveSessions</param-name> <param-value>4</param-value> </init-param> <init-param> <param-name>redirectURL</param-name> <param-value>https://usercenter.checkpoint.com/</param-value> </init-param> </filter> <filter-mapping> <filter-name>RedirectFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>com.checkpoint.webapp.listener.SessionCounter</listener- class> </listener> <session-config> <session-timeout>2</session-timeout> </session-config> </web-app> the output is: SessionCounter.sessionCreated called for id: 632E263A1EDE464BBD19BB1D5D4C7EDD.tomcat1 SessionCounter.sessionCreated isNew=true SessionCounter.sessionCreated called for id: 632E263A1EDE464BBD19BB1D5D4C7EDD.tomcat1 SessionCounter.sessionCreated isNew=true there are no other contexts (no ROOT or others) and no taglibs
JFC's session manager refactoring should fix it in 4.1.24 (as well as other cleanups and fixes).