An alternative to guessing based on the idle interval is to set an attribute in the session when the logout is triggered by the user. For example, if you can put something like the following in the method that handles user triggered logouts:
httpServletRequest.getSession().setAttribute("logout", true);
// invalidate the principal
httpServletRequest.logout();
// invalidate the session
httpServletRequest.getSession().invalidate();
then you can have the following in your HttpSessionListener class:
@Override
public void sessionDestroyed(HttpSessionEvent event) {
HttpSession session = event.getSession();
if (session.getAttribute("logout") == null) {
// it's a timeout
}
}
