As each user logs in to my site, I want to add him or her to a "global session" so, that on another JSP page, I can list all the users who are currently logged in. I also want to, using a meta refresh, keep this list up to date if a user either closes the browser or logs out. For example, if user one logs in then the page will have his or her name. When the second user logs into the site, then the page would list both users and so on. It seems that the HttpSession session API is within the same user's session, not a "gloabl" session for all users. Can what I want to do be done with HttpSessions or should I implement a database solution or other method to track all the logged in users? Thanks very much for any and all replies. -- Mike
If you want to share information between all sessions, then what you need is "application" scope. However, remember that your application is unlikely to ever know when a user has closed a session if they don't explicitly click some sort of "log off" button. A browser does not notify the server if the user goes to a different web site, closes a browser window, or shuts down a client computer. So don't expect to ever have an accurate notion of who is "currently logged in". Any time you see something like this on a web site it is largely guesswork.
Thanks much for your reply. Based on what you said, probably the best way to implement knowing if a user has "logged off" (closed browser or whatever) is to have a database that would store the last time the user's browser refreshed (via a meta refresh tag). If a timestamp in some database's table, for a given user, is longer ago than a certain interval, you would assume the user had "logged out" and remove him/her from the list of "logged in users". Of course, whether the user had really closed the browser or gone to lunch is unknown. What do you think of this approach? -- Mike
You can do this if you like, but you don't really need to. In essence, this is what the session mechanism does already. Take a look at the session event mechanism provided by your container, it's pretty easy to hook in an object whch implements javax.servlet.http.SessionListener and adds one to a count each time a session is created, and removes one each time a session expires or is destroyed. To make sure your information is as accurate as possible, make sure you offer diligent users a way to log out, and make sure your code destroys their session if they choose to log out.
Frank, In your reply, you mentioned that you could "hook" a seesion using HttpSessionListener. The code in "More Servlets and JavaServer Pages" has just such an example. However, what if I need to know "which" session went away (that is, so I can remove a particular user in the list of logged in users)? With a database implementation, I could know which user, and a wealth of other information. However, I don't want to re-invent the wheel, so to speak if all this can be done using the HttpSessionListner. Is this possible as well? I posted a note in the forum this morning about my issues using HttpSessionListner. I appreciate your help. Thanks. -- Jim
When a user logs in, put their user id in the Session. When that Session times out and the sessionDestroyed method is called on the listener, you can get the user id from HttpSessionEvent.getSession.getAttribute(), using the key of the user id. Be aware of two things I can think of that may cause a problem. If a user can log in twice, a time out of one session may not translate to all sessions being closed. If a user quits and logs back in without the first session timing out, you may not want to show the user as logged off once the first session time out event is fired.
Are you sure this would work? From reading Marty Hall's 2nd edition of Core Servlets, it says that once sessionDestroyed gets called, all the attributes are already gone. Thus, sessionDestroyed() is only good for session counts and such. Have you tried what you're suggesting? It sounds interesting, but I couldn't get anything like this to work with sessionDestroyed(). Look forward to your reply. -- Mike
Krishna, JavaRanch is a community of people from all over the world, many of who are not native English speakers. While using abbreviations like "u" instead of spelling out "you" is convenient when text messaging your friends on a cell phone or in a chat room, it presents an extra challenge to those that are already struggling with English. I would like to ask for your help in making the content of JavaRanch a little easier to read for everybody that visits here by not abbreviating such words. thanks, bear JSP Forum Bartender
Ok, just my 2 cents. This is what I did to accomplish an update in the database that a user has logged off/session has ended.
And where is this? I have a UserBean.java file that implements the HttpSessionListener. When a user logs in, I instantiate this bean, fill it with user info, and put it in the session. So when the session dies, and the object is lost or "valueUnbound" this is what happens. Hope this gives you a start if this is indeed what you are looking for.
Tracking/counting/timing 'things' can easily be done with JAMon. I have used JAMon to track page hits by user, and with this you can also track when was the last time the user executed a page request. This can be done with servlet filters. You can see servlet filters in action with JAMon by going to the following address. Note in this filter all file access is monitored (i.e. jpg, jsp, servlets, html, gif's etc.), but you could easily add page hits by user. I think the couple lines of code needed to monitor your Web app with JAMon are the most important lines in any web application. I have also monitored by sessions and code for this is also available. In general I have found my users logout via the logoff button only 5% of the time. Also JAMon couldn't be easier to use. Here are links that will help: http://www.jamonapi.com - JAMon home page. http://ssouza.kgbinternet.com/fdsapi/JAMonAdmin.jsp - JAMon live demo http://jamonapi.sourceforge.net/#SampleCode - Sample servlet filter and session monitor code The full JAMon demo can be run from http://www.fdsapi.com and selecting live demo.