Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

update database when session got invalidated

 
Lokendra Shekhawat
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi friends, I am new to this site. this is my first post.
i have a question. i am working on my college project and i got problem.

so here is the senerio: i created a table 'users' which contain some columns. including security_check, its default value is logged_out.

so here is my question. whenever a user login i set this column value for that particular user to logged_in, so that the same login details can't be used twice. and i set it back to its default value which is logged_out.


Now here is the problem when a user log in and closes his browser, then still the column value for security_check is logged_in.

i want to know how can i set Security_check column value to default when user closes its browser.

for more information: i am using session to validate user is every page.
Please reply.
 
Brett Maclean
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are a couple of options you could think about. The first might be to use client side code (i.e. Javascript) to catch those types of events and then trigger the appropriate database update. The issue with that may be making sure in the client code you can identify which user has logged out.

The better option might be to use an HTTPSessionListener (see javax.servlet.http.HttpSessionListener) that will update your database table when a session is destroyed. If you are using the HttpSession to determine authorisation etc. then this might be the better choice.

HTH


 
Jan Cumps
Bartender
Posts: 2602
13
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What some applications (say: SAP) do, is,

when you log on, and it seems that you still have a log on active,
it allows you to choose:

a - stop this new log on : the new session closes.

b - stop the old log on, and allow the new session:
From that moment on, if the old session would still exist, the system would reject all activity in the old session, and only requests of the new session would be handled.
 
Lokendra Shekhawat
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I already tried HttpSessionListener and written the code in its session destroy method to update the database table. but its not working.

i will give the code of HttpSessionListener class. after sometime.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34973
379
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lokendra Shekhawat wrote: but its not working.

You'll want to elaborate on what "not working" means. It's supposed to work so the exception or details would help figure out why.
 
Shailesh Narkhede
Ranch Hand
Posts: 368
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Lokendra,
welcome to javaranch.

you are logging out by,
1) Using some link or button or
2)By simply you are saying you close browswer window?

because when you close browser window HttpSessionListener methods not getting called.

 
Lokendra Shekhawat
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry for late.
here is the senerio:
i am using database to store user details including username and password.(also Security_check column which have "logged_out" as default).
whenever a user log in i modify the security_check value to "logged_in" from the page where i validate user(servlet). and whenever user hits logout button i explicitly change security_check value to its default value.
until now everything is fine.
but,
when user closes his browser without logging out, then there is a big problem because the security_check column value for that user is still "logged_in" and after that when that user tires to log-in he will get error message that you are already logged in( because i checked for security_check variable before allowing any user to log-in, and in his case he is already logged in. so he can't log-in. and also he can't log-out because the session got expired when he closes the browser. so what should i do???


below is the code i user for HttpSessionListener class: (which is not working):

==============//=================//=======================//==============

package com.svc.session;

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import java.sql.*;
import javax.servlet.http.HttpSession;


public class Session_Invalidator implements HttpSessionListener
{
public Session_Invalidator()
{
try
{
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
}
catch(Exception e){}
}

public void sessionCreated(HttpSessionEvent se)
{

}

public void sessionDestroyed(HttpSessionEvent se)
{
HttpSession session = se.getSession();
String uName = session.getAttribute("userName").toString().trim();

Connection con = null;
PreparedStatement stmt = null;

try
{
con = DriverManager.getConnection("jdbc: odbc:CMS","",""); // i am using space between colon and odbc bec if i don't it will be converted to smile, so ignore the space
stmt = con.prepareStatement("update Users set security_check=default where login_name=?");
stmt.setString(1, uName);
int no = stmt.executeUpdate();
}
catch(Exception e){}

}

}


==========//=====================//========================//==================


Any suggestions. Please!
 
Brett Maclean
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Lokendra,

You've also specified your SessionListener in the web.xml right - i.e. ?


<web-app>
<listener>
<listener-class>com.svc.session.Session_Invalidator</listener-class>
</listener>
</web-app>


When you say it isn't working, is it throwing an exception or does it not appear as if it's being called.

One last point ... it's always good practice to close JDBC resources in a finally statement.
 
Lokendra Shekhawat
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No i haven't specified it in the web.xml file. now i will do it write now and reply.
about the second question. no exception nothing whenever user tries to log-in(when he closed his browser without logging out) he won't be able to log in bec Security_check column value is still logged_in.
 
Vishwanath Krishnamurthi
Ranch Hand
Posts: 331
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

because when you close browser window HttpSessionListener methods not getting called.


You mean to say HttpSessionListener methods wont get called when you close the browser?

No, if you close all the browser instances, (and you dont have cookies with a max age set) the session would get invalidated and the listener method sessionDestroyed() would get called.
 
Lokendra Shekhawat
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i am back with the answer:

i added that entry in web.xml file.
and i logged in with one user and waited till session gets timeout. in this condition HttpSessionListener is working, that is, its setting the Security_check value to its default but when i directly close the browser and again open the browser and retry logging the same user, then i am not able to because that security_check value is still "logged_in" it means when i close the browser the session is getting invalidated but the HttpSessionListener class is not running when i am closing the browser.

please help tel me what to do in this condition.
 
Lokendra Shekhawat
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
please reply!!!
 
Jan Cumps
Bartender
Posts: 2602
13
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lokendra Shekhawat wrote:please reply!!!
Hi, Lokendra. We 're all volunteers. And it was night time.
I am convinced that once someone knows how to help you, you will get a reply.
Regards, Jan
 
Brett Maclean
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In this case I think you will need to go back to the first option, of using Javascript to capture the close event and then either an AJAX request or a form submission to a servlet which will call your database state update code. I'm no Javascript expert but there is a suggested solution on Java Junction. Just as full disclosure, I haven't used this.

The other option, is the one that Jan suggested earlier.


What some applications (say: SAP) do, is,

when you log on, and it seems that you still have a log on active,
it allows you to choose:

a - stop this new log on : the new session closes.

b - stop the old log on, and allow the new session:
From that moment on, if the old session would still exist, the system would reject all activity in the old session, and only requests of the new session would be handled


Personally, I think this is preferable but maybe that's just my fear of Javascript talking :-)

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65225
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no "close event" in JavaScript.
 
Brett Maclean
Greenhorn
Posts: 22
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, well the code below called the Javascript (to say hello) when I closed my browser window (I am using Chrome). This snippet is just an altered version of the code at the link I posted above.



My "close event" is the onbeforeunload event ... as I said above, JS isn't my strong suit but this certainly seemed to work. Now just replace alert('hello'); with a script that will call your server-side code. Best left as an exercise for the reader :-)
 
Praveen Sridharan
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Brett,
I am also struck up with the same issue. But my worry is, at the time of unload event, suppose you consider there is a network problem, so that the client cannot communicate with the server. Suppose the session time out is 5 minutes and if the same user tries to login to the web application after 2 mins (After network recovery ) He/she may not be able to login for other 3 minutes. Moreover, session timeout is not properly happening after 5 mins. Its taking nearly 6 mins in some cases. If some body has any solutions please let me know.

Thanks and Regards,
Praveen.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic