Session management in desktop application

Hi Experts,

I am working on an application, client of which is a desktop application written in Java. The server is written usng ejbs and runs in clustered environment. The clients connects to the server using RMI.

Please suggest a good approach for managing user session in such an application.

Please let me know if you require any other inputs.

Thanks in advance,
Who is Participating?
mrjoltcolaConnect With a Mentor Commented:
How familiar are you with how the session stores are implemented in JEE app servers?

I think you can safely take the same approach as when using an app server provided session management in a HTTP application. How are you currently doing authentication for your RMI? You can implement a session store inside that mechanism.

If you are running ejbs, you are already using a JEE stack, so there is a session management API at your disposal. I have not done it with RMI, but I imagine it is possible to apply it to your RMI. Not being an RMI pro, I cannot say for sure, so hopefully a guru will correct me if I am wrong.

Have you read about JAAS? It may give you some guidance.

If not, consider for yourself how difficult it will be to create your own session store after the typical model. For example, when a new user connects, a new, randomly hashed JSESSIONID is created and a cookie is sent to the client browser, or either it is appended to the URL. Once the user authenticates, you set a state variable in the session store for that id, and an activity timeout counter.

Now, there is another issue, regarding session clustering (or distributed sessions). In a clustered environment, it is important to know how your request pipelining is done. If your requests are round-robin, with no node affinity (we also call it non-sticky), then all nodes must be aware of the session id and must also be able to serialize session objects across nodes, or you could simply implement the session store as an ejb as well. If, however, you are using something on the front end, such as a Cisco Local Director with sticky port, then all requests will usually go to the same cluster node, so there is no need for session clustering.

I imagine, the simplest approach will be to use the session API of the JEE stack you are running on.

Here are some links regarding an approach.

mnrzConnect With a Mentor Commented:
If I understand you correctly you can use a stateful session bean to manage a virtual session for the user. each user should first call a method in your stateful bean and if authenticated you can assign a session id and return it to the client and client should send it back on calling any other service
if this stateful SB has been destroyed then the unique session id will be invalid
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.