• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Session management configuaration Issue

 
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have implemented session management so I am handling it programatically in my Servlet. After deploying my application on the WAS server the problmes are,

1) It is working perfectly if I open single browser. after say 2 min of idle time session is expiring and redirecting user to login screen.

2)If I open two browsers simultaniously with the same user name user session is never expiring it is keep on extending even I keep one browser idle, If you keep two browsers idle for 2 min session is expiring and it's working fine,I think it's sharing the session internally. What could be the reason?

3)Could you please tell me how can I configure my session management on websphere 5.x server. I am caluculating the idle time my self and invalidating session my self after some idle time.

4)Why session management is not working if more than one user is using the application.? (But it's working nice for single user at a time)

Many thanks,
Sirish
 
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Don't use multiple windows of Internet Explorer on the same system to test sessions. The way the Internet Explorer handles cookies makes it so multiple windows are actually sharing the same J2EE session. Firefox on the other hand will treat multiple windows as different sessions.
 
Sirish Kumar Gongal Reddy
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Merrill,

Thanks for your reply!

I am not using cookies to handle the session. Even if I tried to test from two different systems with the same login id but still it's not working. If you keep idle two system for say 2 min session is getting expired if you keep one system idle and keep working on on the other system session is not expiring.

Do I need to customize my settings at server level and .ear file level on Websphere server?

Many Thanks,
-Sirish
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Sirish Kumar Gongal Reddy:
I am not using cookies to handle the session.


You may not think you're using cookies, but behind the scenes, WebSphere uses cookies to keep track of sessions. The only time this may not be the case is if you've turned off cookies entirely in your browser and you've configured WebSphere to use URL rewriting instead of cookies in session management.

Regarding why activity on a window in one system keeps the session on another system alive, this may be due to the fact that you're invalidating the session yourself after a certian period of time rather than configuring a timeout value through WebSphere or through the J2EE APIs.

There are three ways to configure session timeout values:
  • In the WebSphere admin console for all web applications on that server by selecting Servers--Application servers--server_name--Web container settings--Session management
  • Programatically with the statement: session.setMaxInactiveInterval(1800);
  • In the web.xml file in your web application
  • In the last option, the entry will look like this:

    [ July 02, 2007: Message edited by: Merrill Higginson ]
     
    Sirish Kumar Gongal Reddy
    Ranch Hand
    Posts: 109
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Hi Merrill,

    Many thanks for your reply with clear explanation.

    May be due to the fact that you're invalidating the session yourself after a certian period of time rather than configuring a timeout value through WebSphere or through the J2EE APIs.



    I am invalidating user session after some idleTime. and I am caluculating user idle time my self by taking sessionCreatingTime() and lastAccessedTime(). If user is exceeds his assigned time in the Database simply I am redirecting him to login page by giving an alert.

    Why I am using this is the session interval for each user is diffenet I need to maintin session based on user role. some user will have 30 min of sessino and some have 1 hr like that. session interval is not common for entair user.

    Can't I invalidating the session yourself after a certian period of time?

    Thanks a lot!
    Sirish
     
    Merrill Higginson
    Ranch Hand
    Posts: 4864
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator

    Originally posted by Sirish Kumar Gongal Reddy:

    Can't I invalidating the session yourself after a certain period of time?


    Yes, you should be able to do this. I have doubts, though, about the validity of some of your tests. For example, you say it doesn't work if you sign on to a different system with the same user ID. Aren't you resetting the clock based on the user id? Should it be any surprise that the clock is reset when you sign on again as the same user? I've never used this mechanism before, so I don't know much about its idiosyncrasies and I'm afraid I can't be much help in debugging it.

    A mechanism is already in place to do this through the J2EE API, so why not use it? You say your method is not working, so why not use the standard method? Just call session.setTimeoutValue(). This call only affects the current active session without affecting any others.
    [ July 03, 2007: Message edited by: Merrill Higginson ]
     
    Liar, liar, pants on fire! refreshing plug:
    a bit of art, as a gift, the permaculture playing cards
    https://gardener-gift.com
    reply
      Bookmark Topic Watch Topic
    • New Topic