Session management in desktop application

Hi Experts,

I am working on an application, client of which is a desktop application written in Java. The server is written usng ejbs and runs in clustered environment. The clients connects to the server using RMI.

Please suggest a good approach for managing user session in such an application.

Please let me know if you require any other inputs.

Thanks in advance,
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

How familiar are you with how the session stores are implemented in JEE app servers?

I think you can safely take the same approach as when using an app server provided session management in a HTTP application. How are you currently doing authentication for your RMI? You can implement a session store inside that mechanism.

If you are running ejbs, you are already using a JEE stack, so there is a session management API at your disposal. I have not done it with RMI, but I imagine it is possible to apply it to your RMI. Not being an RMI pro, I cannot say for sure, so hopefully a guru will correct me if I am wrong.

Have you read about JAAS? It may give you some guidance.

If not, consider for yourself how difficult it will be to create your own session store after the typical model. For example, when a new user connects, a new, randomly hashed JSESSIONID is created and a cookie is sent to the client browser, or either it is appended to the URL. Once the user authenticates, you set a state variable in the session store for that id, and an activity timeout counter.

Now, there is another issue, regarding session clustering (or distributed sessions). In a clustered environment, it is important to know how your request pipelining is done. If your requests are round-robin, with no node affinity (we also call it non-sticky), then all nodes must be aware of the session id and must also be able to serialize session objects across nodes, or you could simply implement the session store as an ejb as well. If, however, you are using something on the front end, such as a Cisco Local Director with sticky port, then all requests will usually go to the same cluster node, so there is no need for session clustering.

I imagine, the simplest approach will be to use the session API of the JEE stack you are running on.

Here are some links regarding an approach.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
If I understand you correctly you can use a stateful session bean to manage a virtual session for the user. each user should first call a method in your stateful bean and if authenticated you can assign a session id and return it to the client and client should send it back on calling any other service
if this stateful SB has been destroyed then the unique session id will be invalid
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java EE

From novice to tech pro — start learning today.