Maintaining Session

Hi All,

I hava one doubt regarding maintaining session in webapplication, if the user is logined in to application and again he is opened another browser and trying to login with same credentials I need to display the trying username is already loggened in.

How can I do this in my application where I need to main seesion for that user,

can any one tell me this.

thanks,

I don't think maintaining the session will help you. Because when the user logs in from a different browser, its likely to create a new session, so no use even if you store the user id in session. So a suggested solution could be is to maintain a database of the users with a field as connected which stores a true/false value. When the user loggs in for the first time set it true. If the user tries to log in again, check the value of the field connected in the database for this user, if the value is true, it indicates the user has already logged in.

However others might be able to suggest some better solution.

You will probably need to declare an application level variable, say a map or so that holds the information of already logged in users, then check it when anyoe logs in.

application level variable, say a map

Looks good, but might lead to a memory issue if number of users are too high. Please correct me if I am going wrong.

Hi Swastik Dey/ Bosun

Thanks four reply,

Dey, where I need to set that value is true/false and how to check this value is true or false can you please explain me.

and bosun As I understood in your post, I need to maintain loggedin users details in map and next time any user is trying to login I need to check this in map, Please correct me.

thanks

Yes. That was my suggestion. However, as mentioned, it has its drawbacks.

The other suggestion is to use a database table. In your table you will have a column associated with each user that will indicate if they are logged in or not. For each user that tries to login, you will check their status in this table first. If they are not logged in yet, you will proceed with the log in, and update the table to indicate so.

Reshma reddy wrote:Hi Swastik Dey/ Bosun

Thanks four reply,

Dey, where I need to set that value is true/false and how to check this value is true or false can you please explain me.

and bosun As I understood in your post, I need to maintain loggedin users details in map and next time any user is trying to login I need to check this in map, Please correct me.

thanks

Swastik Dey wrote:

application level variable, say a map

Looks good, but might lead to a memory issue if number of users are too high. Please correct me if I am going wrong.

Yup. But then so will using the Session itself. Both are just caches.

You probably want to use something a bit cleverer than just a Map (say a full-blown caching API) so unused entries can time out in the same way the session would.

Reshma,

Lets assume we maintain a following table in the database with the following two fields. User id fields contains list of all the registered users of your application, and the connected field stores a boolean value as true/false.

1.Using a database
--------------------
User id
Connected

This should be logic flow of the web application.

1. Retrieve the user id
2. Check the value of connected field for this user
3. If connected is false, set it true allow the user to log in , if connected is true means use is already logged in so abort the login process.
4. User logs off, set the value of connected to false again for this user.

2. Using a collection
--------------------
1. Create a list, store it in application context.
2. User logs in store the the user id in that list, if that id is already not existing in the list.
3. User logs off, remove the user id from the list.

Both the approaches have few advantages and disadvantages, the first approach might lead to some performance issue, because every time you have to hit the database, but not likely to lead to any memory issue.

The second one is good from performance point of view, but might lead to some memory issue, if the number of users are too high.

Swastik

thanks for post I got clear understanding ,

and I have one more questions, Assume If the application (Ex: adding cart application)is having ten pages , the user is logged in to application and I created one session and setting Attributes for that user,if this user is doing operations in four pages (assume)I need to maintain his session for that particular pages or do I need to maintain for entair application.

tell me how we need to maintain session for a application.

thanks

Reshma,

As per my knowledge, once you create a session attribute, it stays unless the session times out or you explicitly invalidate the session. As you have said you need it in the first four pages. So once the user goes to the 5th page, you can always invalidate it. But what if user navigates to any of the pages where you need the session value, the session is already lost, so there is going to be a problem.

Swastik

I agree with you, As i got from your post once session is created it is applicable for entire application, is it right, but in my condition I am not using for first four pages any four pages in out of ten.

My question is do I need to get these attribute values in that four pages ??

As I think seesion for application level we can call it where you want...correct me.

thanks

I think you are correct. Now as far as retrieving the attributes are concerned, it fully depends upon your requirement. If in any page you have got something to do with the user id , you have to retrieve that.

One pitfall you are most likely will encounter if used "user log off to update status".

What if the user did not log off! user is stuck online ?

Whatever method you use, for the situation well caught by Mark the session listener can be used. I agree to Mark that it's an important lookout.

Hi All,

by using sessionId's(created by container to every user) to solve my first question.

can any one help me regarding this.

thanks,
vishnu

by using sessionId's(created by container to every user)

Session Ids are created for every session Not user.

mark,

yes I agree with you,

I hava one doubt regarding maintaining session in webapplication, if the user is logined in to application and again he is opened another browser and trying to login with same credentials I need to display the trying username is already loggened in.

As I asked in my first post

I want to know by using this sessionId we can achieve my problem or not ??

thanks,
vishnu

I want to know by using this sessionId we can achieve my problem or not ??

Achieve the solution to your problem, you mean! The answer to this was given by Swastik in the very first reply - No! Sessions cannot help you in this. As for a new browser new session is created. Options have been provided to you for doing this at an application level with important lookouts by Swastik, Mark, Bosun and Paul.

The options of storing anything at the application scope is again not going to work in a clustered environment if we for a second forget memory issues. If your application can have memory issues it must be clustered, if it does not need to be clustered it won't have memory issues. These 2 things need to be consistent.

Himanshu Kansal wrote:

I want to know by using this sessionId we can achieve my problem or not ??

Achieve the solution to your problem, you mean! The answer to this was given by Swastik in the very first reply - No! Sessions cannot help you in this. As for a new browser new session is created.

Personally I don't even think this should be classified as a problem. To me it looks like a potentially useful feature (for the small number of users who regularly use more than one browser, that is).

Paul Clapham wrote:
Personally I don't even think this should be classified as a problem. To me it looks like a potentially useful feature (for the small number of users who regularly use more than one browser, that is).

I agree

Hi Himanshu/Paul,

thanks for your replys. and sorry for asking same questions twice .

thanks,