• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Problem replicating ServletContext in the clustered environment

 
ashish abrol
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I want to prevent a user from login if somebody with the same username has already logged-in from other machine for security concerns. I have implemented the following using ServletContext object as below

/** ******************duplicate session validation***************** */
ServletContext sc = request.getSession().getServletContext();
HttpSession session = (HttpSession) sc
.getAttribute(authenticationFormBean.getLoginName());
if (session != null) {
logger
.info("duplicate session.Invalidating old session and creating a new session");
sc.removeAttribute(authenticationFormBean.getLoginName());

try {
session.invalidate();
} catch (Exception e) {

}
// creating new session and saving it in servlet context

} else {

logger.info("new request and creating a fresh session");

}
session = request.getSession(true);
sc.setAttribute(authenticationFormBean.getLoginName(), session);
/** **************************************************************** */


but the problem is that when I run this in a clustered environment since the application context is different on different application servers acting as nodes of a cluster this use-case fails. Is there any workaround for this problem.

If my understanding is correct ServletContext will be replicated across all cluster members wont be singleton across cluster...and since it is not singleton ServletContext will not synchronized between JVM...right?

thanks in advance,
Ashish Abrol
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If my understanding is correct ServletContext will be replicated across all cluster members


Clustering isn't covered in the servlet spec so, depending on which container you're using, your understanding may or may not be correct.
Tomcat, for instance, replicates session but not context objects.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic