Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session Management

 
Anand Gondhiya
Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Can anybody explain how exactly you would stop user accessing the information once he has logged out ?

I know that you can do session.invalidate(). but it doesn't work for me or I don't know how exactly to use it.

Could anybody explain little bit and give example for this ?

Thanks
-Anand.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I do it by putting an object in session when the user logs in.
Then, using a filter, I check for the existence of that object in all of the pages. If the object is null, which it will be if the session gets invalidated, then I redirect them to the login page.
 
Anand Gondhiya
Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you give the piece of code for this ??
Also , I am not aware of this "filter"

Could you give little more details ?

I appreciate your help thanks
 
Rick Beaver
Ranch Hand
Posts: 464
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you using JSP? If so you can use session.setAttribute() to store some object in the session you can reference later.

For example once someone has logged in successfully you could do:



or whatever

then on each page you want to secure content for just do something like:



That should work.
 
Anand Gondhiya
Ranch Hand
Posts: 155
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And, when somebody logs out , do this:

session.setAttribute("loggedin","no") or session.setAttribute("loggedin",null) ??
 
Eugene Lucash
Ranch Hand
Posts: 77
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is another issue on Session management

you can make class like this

package webapp;
import javax.servlet.http.*;
public class SessionListener implements HttpSessionListener {
public SessionListener(){}
public void sessionCreated(HttpSessionEvent sessionEvent) {
HttpSession s = sessionEvent.getSession();
//here you can do something when session is created
}
public void sessionDestroyed(HttpSessionEvent sessionEvent) {
HttpSession s = sessionEvent.getSession();
//here you can do something when session is destroyed
}
}

and register this listener in web.xml
<web-app>
......
........
<listener>
<listener-class>webapp.SessionListener</listener-class>
</listener>
..........
....
</web-app>

Hope this will give some insights
[ February 24, 2005: Message edited by: Eugene Lucash ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Anand Gondhiya:
And, when somebody logs out , do this:

session.setAttribute("loggedin","no") or session.setAttribute("loggedin",null) ??


All you really need to do is invalidate the session and all the attributes will be destroyed.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic