• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Ending a "specific" session  RSS feed

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a JSP page that tracks all of the current sessions for administration purposes. Lets say that I currently see 5 active sessions (5 users on my website). Session #1 has sessionID: aki31Y5Uy45d. I want to know how can I manually end session #1.
I tried application.removeAttribute("aki31Y5Uy45d") but it did not work.
[ October 16, 2003: Message edited by: Steve Su ]
 
author & internet detective
Sheriff
Posts: 38571
661
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Steve,
You can use session.invalidate() to do that.
 
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Jeanne Boyarsky:
Steve,
You can use session.invalidate() to do that.


Yes, and the container takes care of the current session you're working on, so you don't have to deal with sessionIDs
 
Ranch Hand
Posts: 218
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ?
-Sainudheen
 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Sainudheen Mydeen:
I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ?
-Sainudheen


session.invalidate() invalidates the current session associated with *that* request.
 
ranger
Sheriff
Posts: 17314
11
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So Steve's question is still not answered. His JSP page is an administration page for the web server. Doesn't the Web server already have such a maintenance page?
I don't think that JSP or Servlets in this case should have security access to other people's sessions, that would be scary in the real world. That would mean I could go to someone's web server get a list of all the sessions and kill people's sessions that I don't even know. Good Hacking tool there.
Mark
 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Steve,
There is a way of getting the HttpSession Object using the getSession(java.lang.String sessionID) method of the HttpSessionContext interface. You can also get the list of all session IDs using the getIDs method of the HttpSessionInterface.
But these methods are deprecated in the Servlet 2.1 API and would be removed from the future versions of Servlet API.
Cheers
Praveen
 
Steve Su
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Originally posted by Sainudheen Mydeen:
I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ?
-Sainudheen


Yes, that is what I want to do, which I don't think session.invalidate() would work in this case. My purpose of doing this is to track down somebody who logged in, made change #1 to his cart, closes the browser without logging out, logs back in before his first session times out, makes change #2 to his cart, and this time logs out properly using the logout button (this is the only place where I am able to invalidate the user). I use HttpSessionBindingListener to update my DB (user's cart) when the user logs off. The problem with the above scenario is that change #2 will go into effect immediately, and then change #1 will go into effect when the user's first session ends (~30 min. later), which is the reverse of the user's intention (change #2 to be the final change). My solution around this was to track all of the users who currently has an active session. Once I caught a user trying to log in again before his first session ends, I will help end his first session (which will make the user's change #1 go into effect right away) and allow him to start a new session. The problems comes with trying to end a specific session out of a list of active sessions.
I could have accomplish the task if I was able to capture of closing of the browser event, but apparently after searching through JavaRanch and else where the propose methods do not work. For instance, onBeforeUnload would not work because in addition to closing the browser, refreshing the browser or leaving the browser would also trigger the onBeforeUnload event.
Sorry for being so lengthy!
Any suggestions?
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if this is a good idea but definitely worked for us.
Create a data structure to store user information and add it to session during logon.
Add refereneces of session objects to a somekind of list (Arraylist) and store this list in Application object.
You now have access to all session objects and can call session.invalidate() on the selected session isntance and delete from list.
Make sure you delete the session instance from the list when the session times out using HttpSessionBindingListener
 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
may be what you can do is add a listener so that your session object is persisted to the database each time an item is added/removed from the cart....
 
Mark Spritzler
ranger
Sheriff
Posts: 17314
11
IntelliJ IDE Mac Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think Sunil has a good idea. Maybe you can store a user_id in the session, then when you want to find which is their old session, you go through the sessions, find the one with that users id, then end that session. the sessions could be in an ArrayList holding their references.
Not positive if it will work, but sounds like a good idea.
Mark
 
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I recall working on a system that kept a db entry keyed by user identity (userid) and holding a session id. If you did the scenario above the first session would write a db entry with a session id, the second session would overwrite it with another session id. Only the current session id can do any updates, so if the first session attempted an update at expire time, it would not match the db entry and would be ignored. The effect our user saw was that if they logged on one machine, then walked across the office and logged on another, the first machine no longer worked.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!