Solved

Finding If a Session  is Valid using the Session ID

Posted on 2002-03-18
3
175 Views
Last Modified: 2010-04-01
Hello All,
     I am currently working on a web application where in
a user is allowed to edit a particular record. I will have
to restrict 2 users from editing the same record, for this
reason i am using the Session Id of the user to know which
user is editing a particular record.

     I have a seperate table which stores the entries like
the record (unique identified) and the session id. Each
time a person is about to edit or delete a particular
record i go and see if  that particular record is being
edited by another user.

    Now the problem is if the session has expired, i don't
have a control of the record which i had created. So if
another user tries to update or delete he is still not able to edit or delete that particular record.

    Now i have the Session Id of the user who started
editing that particular record, now i will have to find
out if the session is valid.

    Can any one help me out to solve the above problem.
I am current using tomcat 3.2.3 on Red Hat Linux .


V. Ramkumar.

any other user
0
Comment
Question by:V_Ram
  • 2
3 Comments
 
LVL 6

Accepted Solution

by:
kotan earned 100 total points
ID: 6879091
You can use event/listener method to delete the record which had created. Here is the steps:

Create an object which implement HttpSessionBindingListener. This object will be stored in a session.
Then, you should implement the valueBound() and valueUnBound() method. The valueUnbound() method will
be trigger if this object being unbound (This happen when the object is being replaced and session  
is invalid). In here, you can get the invalid session and delete away the record from the database.

public class BoundObj implements HttpSessionBindingListener {
   public BoundObj() {}
   public void valueBound(HttpSessionBindingEvent be) {
        // Will be trigger when this object being bound.
   }

   public void valueUnBound(HttpSessionBindingEvent be) {
       HttpSession hs = be.getSession();
       String userid = hs.getAttribute("userid");
       String sessionid = hs.getID();
       ....
       // Delete database record.
   }
}
At the time the user login which you create a new session, put the bound object in that session.
session.setAttribute("boundobj", new boundObj());
0
 

Author Comment

by:V_Ram
ID: 6882031
Hello Kotan,
   It Did Work , thanks for you timely help. By the way
does this class gets a message when the Browser is closed.

V. Ramkumar.


     
0
 
LVL 6

Expert Comment

by:kotan
ID: 6882038
if the browser is closed,then it will wait until the session expire to get the message.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
what is stuck threads? 3 97
simple jsp servlet and webservice web example 5 113
J2SE 5.0 metadata 1 51
squirrelPlay java challenge 40 157
In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now