• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 193
  • Last Modified:

Finding If a Session is Valid using the Session ID

Hello All,
     I am currently working on a web application where in
a user is allowed to edit a particular record. I will have
to restrict 2 users from editing the same record, for this
reason i am using the Session Id of the user to know which
user is editing a particular record.

     I have a seperate table which stores the entries like
the record (unique identified) and the session id. Each
time a person is about to edit or delete a particular
record i go and see if  that particular record is being
edited by another user.

    Now the problem is if the session has expired, i don't
have a control of the record which i had created. So if
another user tries to update or delete he is still not able to edit or delete that particular record.

    Now i have the Session Id of the user who started
editing that particular record, now i will have to find
out if the session is valid.

    Can any one help me out to solve the above problem.
I am current using tomcat 3.2.3 on Red Hat Linux .


V. Ramkumar.

any other user
0
V_Ram
Asked:
V_Ram
  • 2
1 Solution
 
kotanCommented:
You can use event/listener method to delete the record which had created. Here is the steps:

Create an object which implement HttpSessionBindingListener. This object will be stored in a session.
Then, you should implement the valueBound() and valueUnBound() method. The valueUnbound() method will
be trigger if this object being unbound (This happen when the object is being replaced and session  
is invalid). In here, you can get the invalid session and delete away the record from the database.

public class BoundObj implements HttpSessionBindingListener {
   public BoundObj() {}
   public void valueBound(HttpSessionBindingEvent be) {
        // Will be trigger when this object being bound.
   }

   public void valueUnBound(HttpSessionBindingEvent be) {
       HttpSession hs = be.getSession();
       String userid = hs.getAttribute("userid");
       String sessionid = hs.getID();
       ....
       // Delete database record.
   }
}
At the time the user login which you create a new session, put the bound object in that session.
session.setAttribute("boundobj", new boundObj());
0
 
V_RamAuthor Commented:
Hello Kotan,
   It Did Work , thanks for you timely help. By the way
does this class gets a message when the Browser is closed.

V. Ramkumar.


     
0
 
kotanCommented:
if the browser is closed,then it will wait until the session expire to get the message.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now