How do I invalidate user’s session?

In a web application you might want to invalidate user session, for instance in a logout Servlet or JSP. There is an invalidate() method in the HttpSession interface, this method invalidates the session and it removes all attributes from the session object.

package org.kodejava.example.servlet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class InvalidateSessionServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        HttpSession session = request.getSession();

        // Invalidate the session and removes any attribute related to it

        // Get an HttpSession related to this request, if no session exist don't
        // create a new one. This is just a check to see after invalidation the
        // session will be null.
        session = request.getSession(false);

        response.getWriter().println("Session : " + session);

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);

How do I count number of online users?

When you have a web application you might want to know how many users are currently online or connected to your website. If you have visited some of web online forums you can see; usually on the first page; the list of their online users or maybe just the number of currently online users.

How do we know / count how many sessions or users are currently connected to our website. Do you care to know? Let’s see what Java Servlet API offers us on this matter.

Servlet API has an interface javax.servlet.http.HttpSessionListener, an implementation of this interface will have the ability to be notified by the servlet engine at anytime when a new session was created or destroyed.

This interface has two methods to be implemented; these methods are sessionCreated(HttpSessionEvent se) and sessionDestroyed(HttpSessionEvent se). These method will be called as a notification that a new session was created and the session was about to be destroyed respectively.

Now let’s create our session listener. The code below is what our class is going to be implemented.

package org.kodejava.example.servlet;

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.ArrayList;

public class SessionCounter implements HttpSessionListener {
    private List<String> sessions = new ArrayList<>();
    public static final String COUNTER = "session-counter";

    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        session.setAttribute(SessionCounter.COUNTER, this);

    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        session.setAttribute(SessionCounter.COUNTER, this);

    public int getActiveSessionNumber() {
        return sessions.size();

To display information of current online users we need to create a simple JSP page. This JSP file will get the number of online user from HttpSession attribute named counter that we set in our listener above.

<%@ page import="org.kodejava.example.servlet.SessionCounter" %>
    <title>Session Counter</title>
    SessionCounter counter = (SessionCounter) session.getAttribute(

Number of online user(s): <%= counter.getActiveSessionNumber() %>

The final step to make the listener working is to register it in the web.xml file. Below is the example how to register the listener in web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"

    <display-name>Servlet Examples</display-name>



Here a screen capture of the session counter in action:

Servlet Session Counter

Servlet Session Counter Example