In both approaches I would recommend using Http Session Binding Listener.
Implementing this interface requires providing implementation for boolean equals(Object other),int hash Code(), voidvalue Bound(Http Session Binding Event event) and voidvalue Unbound(Http Session Binding Event event).
This method will remove all attributes and clear all cookies, in addition to calling . POST,headers="Content-type=application/x-www-form-urlencoded") public String create(@Valid Category VO category VO, Binding Result results, Http Session session, Model model) throws Exception /** * Starts a new download within the session, with query parameters.
* @param request Request to get cookies and session from, required. * @param session session in which the download is kept * @param query download query * @return download id, always positive; -1 in case of error.
We may have a requirement to receive a notification whenever a new session is created or we would like to know how many sessions are active on the website so that we can know how many users are logged in and active on the website. There are many approaches including the database flag for a user to know whether a user is logged in currently or not.Database solution takes lot of work and amount of time to implement and has many problems including browser close should also log-out for the user does not wait so many minutes before sessions get invalidated automatically.* @param response Response to set updated cookies on. Not required, but cookies cannot be cleared if null. The CONFIDENTIAL transport-guarantee redirects the user from a non-secure port to a secure port if a protected resource is requested.