Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Session in Servlets.....Interesting  RSS feed

 
Saravanan Viswanathan
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
Suppose a user logs in in a system(machine 1) i create a HttpSession and allow him to go thru the site.Suppose he logs in again in another system then also he should be allowed to login.But the session which he had first(machine 1) should get expired.Hez no more authenticated in machine 1.This is the thing that i am in need of.Explain me how this can be done.I am not using beans for this.All i do is with HttpSession alone.
Wishes
Saravanan.
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The servlet session object is tied to a particular Java Virtual Machine - even on the same computer, a different instance of a server will be using different session objects.
This is a real problem for people running clustered servers, and they look to their vendors for specific solutions.
If you are actually running distinct servers (not just cluster clones), you'd have even more of a problem. To handle this, you need to be able to reference a common object such as a database -- preferably something with low overhead, since you'll be querying and possibly updating it for every HTTP request.
 
Bill Siggelkow
Ranch Hand
Posts: 57
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
As stated the session is not specific to a user, but to the browser. First of all, you need to consider what is realistic and what situations you really need to handle. Personally, if I were logged via two browsers to the same web app, I would *not* expect to be sharing the same session.
However, if you really want the behavior you stated, you may be able to implement this behavior you described by doing the following ...
1. Keep a hashtable of logged in users in the servlet context (application-scope) with a reference to that user's HttpSession
2. When a user logs in, see if there is an entry in the hashtable
3. If not, create one, placing a reference to the session in the hashtable keyed on the user id
4. If there is an entry, invalidate the session referred to by the entry, then create the new entry as in (3)
5. Also, you will need to clean up the hashtable when either a user logs off or the session is invalidated by the container ... the Servlet 2.3 spec contains lifecycle events that can be used for this.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!