@WebListener ()
public class SessionLifecycleListener implements HttpSessionListener
{
 
  @Override
  public void sessionCreated (HttpSessionEvent hse)
  {
    int sessionTimeout = (int) hse.getSession ().getServletContext ().getAttribute (AuthManagerServlet.class.getPackage ().getName () + "." + AuthManagerServlet.class.getName () + ".sessionTimeout");
    if (sessionTimeout <= 0)
    {
      sessionTimeout = 600;
    }
    hse.getSession ().setMaxInactiveInterval (sessionTimeout);
  }
 
  @Override
  public void sessionDestroyed (HttpSessionEvent hse)
  {
    Map<String, String> authorizedSessions = (Map<String, String>) hse.getSession ().getServletContext ().getAttribute (AuthManagerServlet.class.getPackage ().getName () + "." + AuthManagerServlet.class.getName () + ".authorizedSessions");
    String jSessionId = hse.getSession ().getId ();
    Collection values = authorizedSessions.values ();
    for (Iterator i = values.iterator (); i.hasNext ();)
    {
      String value = i.next ();
      if (jSessionId.equals (value))
      {
        authorizedSessions.remove (value);
        break;
      }
    }
  }
}