Solved

Session ID

Posted on 2002-03-20
9
271 Views
Last Modified: 2010-04-01
Hi,

Is there a way to generate the session ID myself instead of servlet engin generating it?

I am developing a web site that users must login to access it.  I want to prevent users from openning 2 browsers and login them both.  In other words, I want to allow only 1 access to my site at a time for a same user.  The second login from the second browser should logoff the first login from the first browser.  

I can achieve this by generating the Session ID based on the username. But I just don't know if it is possible to generate Session ID myself.

Thanks in advance.

Sam.

 
0
Comment
Question by:samantha
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 4

Expert Comment

by:pellep
ID: 6884240
You could accomplish the same thing by maintaining an apllication-scope list where you associate the servlet-engine generated sessionID's with a username as a user logs in. Then, each time a client accesses a page, do a lookup to see if the username and the sessionID of the current session match the sessionID in your list (ie the sessionID of the last session that logged in with the username in question). If they don't match, log the user out in teh current session. Make sense?

Regards/Par
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6884253
What servlet engine?

For example IPlanet.. you have to:
http://www.scheck.nist.gov/manual/servlets/a-sess.htm#532146

CJ
0
 

Expert Comment

by:snehalkgandhi
ID: 6884892
hi
if u want only one user to login with the same name, then instead to going for session u can set a flag in the database. u set the flag in the database as "1" as soon as the user signs in. so next time from another system if the user tries to login check for the Flag, if it is set to "1" then don't allow him to signin. actually this is how i've done. it actually help. if go for session its a real pain to the server.
regards
Snehal
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:samantha
ID: 6886549
Thanks, guys.

pellep,

I thought about your way. But if my site will serve thousands of users, would application-scope variables  degrade the performance? If it won't, I think I will use your way.

cheekyci,
I am using Tomcat 4.0. Doesn it provide the Session Manager API like IPlanet? Could you point me to the right link?

snehalkgandhi,
Unfortunately, one of the requirment of my project is not to store this info on the server disk or database.

Thanks again,
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 100 total points
ID: 6886591
0
 
LVL 2

Expert Comment

by:coreyit
ID: 6888003
The one downside I see to pellep's idea is that application scope variables won't die with the session. This means that, without a log off or similar action, or some sort of timer-driven event to clean up old records, your list will continue to grow until you bounce the server (or otherwise clear the relevant application attributes). Note that, even with a "log off" button, many users will simply close the browser, etc. Oh, another possibility is binding a user session bean object to the session with HttpSessionBindingListener. This would allow you to release any held resources when the session is about to die by way of the objects valueUnbound method. Pretty handy stuff really and I've had success with that in Tomcat 4.0.

In a similar vain to pallep's idea, if you were happy to only support users that accept session cookies, you could implement your control by setting a cookie of your own. This is of course exactly what your servlet engine is doing, unless it finds that the user does not accept cookies.

One more drawback all around: If a user logs on with one browser, and then spawns a new browser window *from* that first one (eg. File... New... Window), the two browsers actually share the same session. This may not be a problem some how, but definitely allows a user to make changes from more than one browser.

-corey
0
 
LVL 2

Expert Comment

by:coreyit
ID: 6888006
ah jeez,
sorry for the misspelling pellep.

-corey
0
 

Author Comment

by:samantha
ID: 6889525
Thanks again, guys.

I give the point to cheekyci because his answer is more close to what I originally asked.

But all your answers are excellent and helpful.
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 6891057
Glad I could help.  Thanx for the "A"
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stuck in Bootstrap WysiHtml Editor 3 45
unit test DAO layer 1 149
login jsp example 24 105
designing in object programming 12 131
We asked our MSP customer base what their favorite tools were and how they help them serve clients. We focused our questions on favorite tools in the following categories: >PSA tools >RMM tools >Alert management tools >Communication tools and Mo…
When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question