Session Problem

 
Rajeev Ja
Ranch Hand
Posts: 38
Hi all,

If a user opens a browser and logs into the web application, and the same user then opens another browser and logs into the web application, how can I send a response to the former browser saying "please log out, user has already logged in"?
 
Paul Sturrock
Bartender
Posts: 10336
Can't (and shouldn't) be done. Imagine how you would feel if you logged onto a web site that closed other browser instances?

It sounds like what you need is to allow your user to log into your application with only one client. To do this you'll need something like a session table in a database or an entry in a file that tracks who's logged in. At login you can check if a session already exists and invalidate it before creating a new one for your user.
 
Chinmaya Chowdary
Ranch Hand
Posts: 434
Hi Rajeev.
When we request the application, it will create only one session id cookie for one particular type of browser. Suppose we open the application in 2 windows using Firefox; we still get only one session id. If one logs out, the other will log out too. I think it is not possible.
 
Rajeev Ja
Ranch Hand
Posts: 38
Is there no way to invalidate the previous session of the user apart from calling the session expiration in web.xml?
 
Paul Sturrock
Bartender
Posts: 10336
You don't need to use web.xml. Just call the Session's invalidate method.
 
James Ward
Ranch Hand
Posts: 263
Rajeev Ja wrote: Is there no way to invalidate the previous session of the user apart from calling the session expiration in web.xml?

Here's one way:

Well, whenever a user logs in, store that userid/email and sessionId in a static Hashtable:

So, when user a@a.com logs in a second time, you can see from the Hashtable that he is already logged in; you overwrite the new sessionId for user a@a.com in the Hashtable anyway.

Your Hashtable looks like this now:

When the user a@a.com tries to do something using his first session (sessionIdA), your session-check/validation logic should consult the Hashtable; here it won't find sessionIdA present anymore against the user a@a.com. This clearly indicates that this is a stale session of the user and he must not be allowed to continue.
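
The scheme described in the post above, sketched as an added example (not code from the original thread, whose own snippets did not survive on this page): a per-JVM registry keyed by user id. The class name, method names and the value sessionIdB are hypothetical; the conditional logout goes beyond the post by making sure a stale session cannot evict the newer login.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; SingleSessionRegistry and its method names are hypothetical.
public class SingleSessionRegistry {
    // userId -> the one session id currently allowed for that user.
    // Assumption: a single JVM. A cluster needs a shared store instead.
    private final Map<String, String> active = new ConcurrentHashMap<>();

    /** Record a successful login; returns the session id it displaced, or null. */
    public String login(String userId, String sessionId) {
        return active.put(userId, sessionId);
    }

    /** Call on every request: false means the session was superseded (stale). */
    public boolean isCurrent(String userId, String sessionId) {
        return sessionId != null && sessionId.equals(active.get(userId));
    }

    /** Remove the entry only if it still belongs to this session, so a logout
     *  or timeout of the stale session cannot evict the newer login. */
    public boolean logout(String userId, String sessionId) {
        return active.remove(userId, sessionId);
    }

    public static void main(String[] args) {
        SingleSessionRegistry reg = new SingleSessionRegistry();
        // Constructed sample values; only a@a.com and sessionIdA come from the post.
        String user = "a@a.com";
        reg.login(user, "sessionIdA");                      // first browser logs in
        String displaced = reg.login(user, "sessionIdB");   // second browser logs in
        System.out.println("displaced session: " + displaced);
        System.out.println("A current? " + reg.isCurrent(user, "sessionIdA"));
        System.out.println("B current? " + reg.isCurrent(user, "sessionIdB"));
        // The stale session timing out or logging out must not remove B's entry.
        System.out.println("A logout removed entry? " + reg.logout(user, "sessionIdA"));
        System.out.println("B still current? " + reg.isCurrent(user, "sessionIdB"));
    }
}
```

In a servlet application the check would typically sit in a filter that passes `HttpSession.getId()` to `isCurrent` and, on a false result, calls `invalidate()` on that session and redirects to the login page.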
 
Balu Sadhasivam
Ranch Hand
Posts: 874
It's a pure *overhead* for programmers and servers.
 
Deepak Bala
Bartender
Posts: 6663
James Ward wrote: Well, whenever a user logs in, store that userid/email and sessionId in a static Hashtable:

This will lead to trouble in a clustered environment.

Are you looking for a single sign-on solution or do you simply want to prevent multiple logins? What is the rationale behind including this logic in your app?
 
James Ward
Ranch Hand
Posts: 263
Deepak Bala wrote: This will lead to trouble in a clustered environment.

Good point - we can store the session information in a database OR share this static Hashtable across JVMs via Terracotta etc.
 
Shashank Rudra
Ranch Hand
Posts: 131
I think the objective is similar to what you get with gmail.com. Say you open http://gmail.com in a tab in Firefox. Here comes the login page asking you to input username and password. You enter them and you are logged into your email account. Now in a separate tab in Firefox itself, try to open http://gmail.com. This time you will not see the login page again, as it senses that there is a user already logged in in the browser, so it straightaway takes you to the email inbox page.

While logged into the Gmail account, if you try to open http://gmail.com in a separate Firefox browser window, you will be taken to the email inbox page, transcending the enter username/password page.

So how is this being done? Maybe we can intercept this multiple access scenario and send in response a page with an "application has already been invoked." message.
 
James Ward
Ranch Hand
Posts: 263
Shashank Rudra wrote: So how is this being done?

Cookies/Sessions are shared/available across browsers - depending on how the browser was opened.

When a browser is opened via an existing browser instance - via ctrl-T (new tab), ctrl-N (new instance) - they share sessions/cookies.
If a browser is opened independently, say, Start > Program Files > FireFox - it will not have access to existing cookies/sessions.

When a request reaches GMAIL, it simply checks if a valid session/cookie was presented to it; if yes, it shows the mails, else you go to the login page.
 
Shashank Rudra
Ranch Hand
Posts: 131
Gmail is tracking its session even if you open a new Firefox window by clicking on the exe icon.
 
James Ward
Ranch Hand
Posts: 263
Shashank Rudra wrote: Gmail is tracking its session even if you open a new Firefox window by clicking on the exe icon.

Yes, just saw that. In IE it is not so.

Therefore, it is not so much what Gmail is doing; it is how browser instances are sharing cookies between themselves.
 