• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 531
  • Last Modified:

Kill the old session

Suppose user has logs in the site (IE) using a username "abc". Then he opens another window in the same machine and logs in with the same username ("abc"). Currrently what is happening is that  user is able to work in both the sessions. But our project requirement is that the previous session should be killed. Is there any way I can do this.
0
thomas908
Asked:
thomas908
  • 5
  • 5
  • 4
  • +5
5 Solutions
 
objectsCommented:
depends how they open the other window. If its a new instance of IE then it is a completely different session.
Sounds like you need to track all sessions, and the IP address that created them and check for any existing session with same ip. This however won't work thru firewalls etc as you won't know the actual ip of your user.
0
 
suprapto45Commented:
I think that you need to *trick* it.

You could use the timestamp specific to each client in your DB. So for example, user A logs in to IE instance no 1 at 10.00 AM, write the current date and time to user A field, also store this value into a session. If user A logs out, this field will be cleared. However, if user A logs in again to IE instance no 2 at 11:00 AM, write the field in DB again so now it is 11:00 AM. Now, if user A tries to do anything in IE instance no 1, you could write a Filter / Listener that will check whether the session stored (10.00 AM) is the same as value in DB (now is 11.00 AM). If not, invalidate the session.

That is my way ;)

David

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
suprapto45Commented:
However,

It will break if it is not a new instance of IE, if you use the File > New Windows, as the session is shared, this logic will break.

David
0
 
objectsCommented:
Problem is two IE instances running on the same box is really no different to two instances running on different boxes.
0
 
KuldeepchaturvediCommented:
is it two sessions from same machine thats a problem or is it the "SAME USER" in two sessions thats the problem??

if the requirement is that same user can not log in to two sessions as a given time than the easy way is to check whether the same user id have any current session in the system. if it does than you should be killing it...

how you want to track the user id is a problem that can be solved in different ways ( having a temporary table is one example)..
0
 
thomas908Author Commented:
>>http://www.experts-exchange.com/Programming/Programming_Languages/Java/Q_20507815.html?query=invalidate+in+session&clearTAFilter=true

My problem is complete different from this. i have to invalidate a session from another session (same user, 2 windows[windows are NOT opened by ctr+n, session in first window needs to be invalidated] )
0
 
suprapto45Commented:
If it is not Ctrl+N, it means that the session is not shared, I think that my solution is still doable. I have never tested it by myself but logically it is possible. Am I right? :)

David
0
 
thomas908Author Commented:
>> depends how they open the other window. If its a new instance of IE then it is a completely different session.

Other window is opened by clicking on the IE icon in the taskbar, hence 2 different sessions.
0
 
objectsCommented:
> My problem is complete different from this. i have to invalidate a session from another session (same user, 2 windows[windows are NOT opened by ctr+n, session in first window needs to be invalidated] )

then you'll need to maintain a list of sessions. perhaps using a SessionListener

0
 
thomas908Author Commented:
>>then you'll need to maintain a list of sessions. perhaps using a SessionListener
I can maintain a list of sessions but how to logout previous session of user from current session.
0
 
objectsCommented:
once you've found the session call:

session.invalidate();
0
 
KuldeepchaturvediCommented:
stamani have given a very good link 3 posts above. I think that should be solving your problem..
0
 
thomas908Author Commented:
>> stamani have given a very good link 3 posts above. I think that should be solving your problem..
Thanks
Stamani's link works but the problem is that is also works when the user logs in with the same name from differnet machines. We don't want it to work in that case (as the behaviour is different in that case). When the same user logs from different machine the second one is disallowed and first one continues to be logged in. So for the second user MaxUserException is thrown. This is automatically done by the proprietory framework that we are using and is not done at the portal end. We only need to handle the above mentioned problem at portal end
0
 
KuldeepchaturvediCommented:
Hmm....
So only way is that in the session their has to be something that gives the identification of the machine... like IP of the machine or something else on similar note.

IP of the machine can be obtained by using getRemoteHost(), but if the user is behind a proxy or firewall then you will have trouble with it...

but other than proxy & firewall you should be able to use either getRemoetHost(), or getRemoteAddr(); should do the trick..
0
 
KuldeepchaturvediCommented:
Another way is to set a cookie on the response with something unique in it..
if the request contains the cookie in it, you would know that its coming from the same machine ( you will have to couple this technique with stmani's trick of tracking a session)..
0
 
actonwangCommented:
hi,thomas908,

         Here is the way I think you can adopt to resolve your problem.
         You have to have a subsystem to track all your user's session. Basically you have a table or as such to hold information for (client, time,session). During the log in process, you can check on this table to see if user has already logged in, if there is a session existing, you can session.invalidate() and create a new session.
         I assume that session comes with each log in here. This should be a reasonable assumption and you can modify it depending on your concrete situation.

Enjoy :)
Acton

       
0
 
milance445Commented:
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<c:remove var='username' scope='session' />
0
 
thomas908Author Commented:
Thanks everyone.
0
 
objectsCommented:
no worries :)
0
 
suprapto45Commented:
;). Glad I could help

David
0
 
rrzCommented:
The accepted answer here  points to a very old page.  We have a better solution now.  
suggested by objects
>using a SessionListener
0
 
actonwangCommented:
>>the accepted answer here  points to a very old page.  We have a better solution now.  
suggested by objects
>using a SessionListene

look carefully to the question. You have to maintain a list of sessions to do the job. SessionListener helps to some extent  but not all ...

0
 
rrzCommented:
acton, you are right.  
Really all that is necessary is to include the following on  JSP ( taken from codeguru's code at the link at accept answer above).

<%
 Hashtable activeSessions = (Hashtable)application.getAttribute("activeSessions");
 if(activeSessions == null)application.setAttribute("activeSessions",new Hashtable());
 String userName = request.getParameter("userName"); //Should have a session attribute but for testing I use parameter.
 if(userName == null)userName = "no name";              
 HttpSession activeSession = (HttpSession)activeSessions.get(userName);
 if(activeSession != null && session != activeSession){
                              activeSession.invalidate();
                              activeSessions.put(userName,session);
 } else activeSessions.put(userName,session);    
%>
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 5
  • 5
  • 4
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now