[OCP 21 book] | [OCP 17 book] | [OCP 11 book] | [OCA 8 book] [OCP 8 book] [Practice tests book] [Blog] [JavaRanch FAQ] [How To Ask Questions] [Book Promos]
Other Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, TOGAF part 1 and part 2
Originally posted by Jeanne Boyarsky:
You have to be careful with this. What if I close the browser window and try to log in again? My original session still exists and has not been invalidated. Do you want the user to have to wait 30 minutes to have to get back in?
I would add an "are you sure" type mechanism if the user tries to log in again. If he really wants to log in, you could invalidate the first (inaccessible) session
Originally posted by sunitha ragam:
Can you please explain what that "are you sure" mechanism is?
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Prakash Dwivedi (SCJP2, SCWCD, SCBCD)
"Failure is not when you fall down, Its only when you don't get up again"
I would add an "are you sure" type mechanism if the user tries to log in again. If he really wants to log in, you could invalidate the first (inaccessible) session
Originally posted by Pradeep Bhat:
Could you please tell me how to invalidate the previous user session? How do you get hold of the previous session id?
[ January 29, 2004: Message edited by: Pradeep Bhat ]
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Originally posted by Ko Ko Naing:
Using external resources like a database. But I believe that it's not an efficient way...
Originally posted by Pradeep Bhat:
Could you please tell me how to invalidate the previous user session? How do you get hold of the previous session id?
[ January 29, 2004: Message edited by: Pradeep Bhat ]
- Varun
Originally posted by Varun Khanna:
How about this ...
The moment the user logs in and a session is created for the user, put the session object in the servlet context against the userId "String".
Now if the user tries to re-login, before creating the session try to see if there is any session object against that user-id "String" in the servlet context, and if there is, invalidate that session and create a new session.
Originally posted by Pradeep Bhat:
You mean to say storing the session id in the database? How will it work?
How do I get the session using a session id?
[ January 29, 2004: Message edited by: Pradeep Bhat ]
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Originally posted by Pradeep Bhat:
Ko Ko,
Consider
1. User logs in
2. Database updated to logged status
3. Application server crashes
4. user tries to log in again
5. User cannot log in because of the logged status (of course we could clear the flags when the app server starts)
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Originally posted by Ko Ko Naing:
That mechanism can make sure that the system will invalidate the user's previous session, create a session and associate with the user as a newly created session... We are not supposed to wait until the session time out to login again... Hope it helps....
Originally posted by sunitha ragam:
I know that, but the question is how to invalidate the previous session in an efficient way, which no one could answer till now.
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Originally posted by Ko Ko Naing:
Simply use request.getSession().invalidate(); or it will be automatically invalidated by the web container after the session time out... What we set in the database is just a flag to show that the user did not log out in the past.... The session might already be invalidated a long time ago... Hope it is clear...
Originally posted by Jeanne Boyarsky:
I would create a map (in application scope) with the username as a key and the session as a value. A session listener could be used to delete the session from the map when the session is invalidated or timed out.
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
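The username-to-session map with a session listener suggested in the quoted post above, as an added example that is not code from the thread. `SingleSessionRegistry`, `register` and `USER_ATTR` are hypothetical names, and the code assumes the `javax.servlet` API at Servlet 2.4 or later, where session attributes are still readable inside `sessionDestroyed`.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example: at most one live session per user, tracked in application scope.
// Register the class as a <listener> in web.xml so the container calls it.
public class SingleSessionRegistry implements HttpSessionListener {

    // Hypothetical attribute name recording which user owns a session.
    static final String USER_ATTR = "authenticatedUser";

    // username -> live session. Static so the login code and the
    // container-created listener instance share one map.
    private static final ConcurrentMap<String, HttpSession> ACTIVE =
            new ConcurrentHashMap<>();

    /** Call from the login code after the credentials have been verified. */
    public static void register(String username, HttpSession newSession) {
        newSession.setAttribute(USER_ATTR, username);
        // put() returns the session this user had before, if any.
        HttpSession previous = ACTIVE.put(username, newSession);
        if (previous != null && previous != newSession) {
            try {
                previous.invalidate(); // drop the abandoned (inaccessible) session
            } catch (IllegalStateException alreadyInvalid) {
                // It timed out between the lookup and this call; nothing to do.
            }
        }
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // Nothing to track until the user has authenticated.
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession dead = se.getSession();
        Object user = dead.getAttribute(USER_ATTR);
        if (user != null) {
            // Two-argument remove: delete the entry only if it still maps to
            // this session, so a newer login for the same user is left alone.
            ACTIVE.remove((String) user, dead);
        }
    }
}
```

The map lives in the memory of one JVM, so it is emptied by an application restart and does not cover sessions held on other nodes of a cluster.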
Originally posted by sunitha raghu:
I think instead of going to the db and setting the flag and all that stuff, which hits the performance, it's better to get the IP and then invalidate.
Hope it's clear to you.
Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
Originally posted by Ko Ko Naing:
Well, if you are going to use the volatile variables, what if your web app is down? You might want to have a look at my post above about it... Anyway, this discussion is some kind of worthy one... Let's try to solve it till we get the most reasonable answer...