Solved

Java Session Management

Posted on 2011-03-25
11
474 Views
Last Modified: 2012-06-27
hi,
Im looking for Session management using java....

Eg. Im Mr.A
I login from X computer so it shouldnt allow anyone else to login from another computer using my username...
Also if Admin kills my session which im using on X computer i shouldnt be allowed to post anything and logout automatically.


Kindly suggest.
0
Comment
Question by:CCBRONET
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 8

Expert Comment

by:colr__
ID: 35216357
To enable to admin kick-out, limit your access to the session object to soemthing like the following:

public HttpSession getMySession(){
     if (adminHasKickedMeOut){
          sendmMeSomewhere();
     }
     
}

So everywhere you need tio get holdof the session, use this method instead of the standard HttpRequest.getSession();

As for enabluing only one login frmo a username at a time - use a HttpSessionListener. Keep a singleton object that maintains a list of users who are currently logged in. Then when a new user logs in, in the HttpSessionListener - check the logging in user with the list alrerady present in the singleton. If the username already exists, kick the new user out.

With this method you'll need to make sure and maintain the list of logged in users in the singletong, by making sure and removing users once they log out etc.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35216884
I have lot of question from your question??

Mr.A is login in one pc. why should you disclose user name and password to every one.

As per I know that's not possible to lock once you login because each system will create different session id for same user !!

But you can do with other way !!

Take one extra field in table with the column name say "IsLoggedIn" as bit field and set it to true until the user is logged in. As soon as user logs out set it to false. This need to be done for session expiry time also. As soon as the session expires this field should be set to false automatically using triggers or thru SP call
0
 
LVL 27

Expert Comment

by:rrz
ID: 35217257
colr's idea of using a listener is good. But I would use an application-scoped Hashtable.  This could be created in the init method of a Servlet that is configured to be loaded on start up. The keys of the table could be the usernames and the values being their Sessions.  That way the Admin can have access to a user's session.
Your log-in code could check the table to see if username is already logged-in. Your log-out code or the Admin can invalidate the user's session. In the sessionDestroyed method of the HttpSessionListener, you can remove the username from the table.  
The only problem with this approach is that the user will be locked out if he closes his browser without logging out. He will have to wait until his session times out. Only then will he be able to log-in again.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217348
@rrz@871311:
>>>>>>>>The only problem with this approach is that the user will be locked out if he closes his browser without logging out. He will have to wait until his session times out. Only then will he be able to log-in again.

you are right , But again your open time you have option like killing the old session thats the best

eg:

if again that same user login again (think the user close the browser without logout)

that time browser will ask already existing useer deatils . you can logout that time . but we want to get the ideal time .
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217358
or you can get the IP address !
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217383
>>>>>>colr's idea of using a listener is good.But I would use an application-scoped Hashtable.  This could be created in the init method of a Servlet that is configured to be loaded on start up. The keys of the table could be the usernames and the values being their Sessions.

sorry if you use in another pc means ur session id will diffrent right then  how you will use that??
0
 
LVL 27

Expert Comment

by:rrz
ID: 35217500
>you are right , But again your open time you have option like killing the old session thats the best  
If the user closes his browser then the Session id is lost on client-side.  
>or you can get the IP address !  
We could use a Filter for that. A listener can't do it.  
>sorry if you use in another pc means ur session id will diffrent right then  how you will use that??
I suggested that we use usernames as keys in the table. The log-in code will check if the table contains username.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217636
i didnt understand thats y i ask that question . dont mind!
0
 

Author Comment

by:CCBRONET
ID: 35398609
ny help pls
0
 
LVL 27

Accepted Solution

by:
rrz earned 500 total points
ID: 35404591
I wrote some demonstration code. It just shows the basic functionality. I created usersTable in the listener to make it easier. I use the Servlet 3.0 API annotations. If you are using Servlet 2.5 API or older then you must register the listener in your web app's web.xml file. For this test I used the Date string instead of creating different usernames.
To test, just browse to the JSP and then close your browser. Do that a number of times. You should see the table grow and shrink in size as the  number of sessions are created and destroyed.   This should get you started. If you have any questions, then ask us here.  
package rrz;   
import java.io.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.servlet.annotation.WebListener;
@WebListener
public class TestListener implements HttpSessionListener , Serializable {
  ServletContext application = null;
  public void sessionCreated(HttpSessionEvent event) {
           System.out.println("sessionCreated in TestListener");
           application = event.getSession().getServletContext();
           if(application.getAttribute("usersTable") == null){
                     application.setAttribute("usersTable", new Hashtable());
           }
           Hashtable<String,String> usersTable = (Hashtable)application.getAttribute("usersTable");
           System.out.println("usersTable==" + usersTable);
  }
  public void sessionDestroyed(HttpSessionEvent event) {
      System.out.println("sessionDetroyed in TestListener");
      Hashtable<String,String> usersTable = (Hashtable)application.getAttribute("usersTable");
      String id = event.getSession().getId();
      if(usersTable.containsValue(id)){
            Set<Map.Entry<String,String>> set = usersTable.entrySet();
            for(Map.Entry entry : set){
                 if(entry.getValue().equals(id)){
                      usersTable.remove(entry.getKey());
                      break;
                 }
            }
      }
      System.out.println("usersTable==" + usersTable);
  }
}

Open in new window

The JSP can be
<%@ page import="java.util.*" %>
<%
  session.setMaxInactiveInterval(30);// 30 seconds for testing
  Hashtable usersTable = (Hashtable)application.getAttribute("usersTable");
  usersTable.put(new Date().toString(), session.getId());
%>
UsersTable is <%=usersTable%>

Open in new window

0
 

Author Closing Comment

by:CCBRONET
ID: 35704793
jioujiuj
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Desingning Refactoring existing code 2 31
Which non-HTML GUI front end to use with Java? 3 52
Bot application - advice 3 61
DTD and JAVA versions 1 31
Are you developing a Java application and want to create Excel Spreadsheets? You have come to the right place, this article will describe how you can create Excel Spreadsheets from a Java Application. For the purposes of this article, I will be u…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question