Session Problem

 
Ranch Hand
Posts: 38
hi all,

If a user opens a browser and logs into the web application, and the same user then opens another browser and logs into the web application, how can I send a response to the former browser saying: please log out, the user has already logged in?
 
Bartender
Posts: 10336
Can't (and shouldn't) be done. Imagine how you would feel if you logged onto a web site that closed other browser instances?

It sounds like what you need is to allow your user to log into your application with only one client. To do this you'll need something like a session table in a database or an entry in a file that tracks who's logged in. At login you can check if a session already exists and invalidate it before creating a new one for your user.
 
Ranch Hand
Posts: 437
Hi Rajeev.
When we request the application, it will create only one session ID cookie for one particular type of browser. Suppose we open the application in 2 windows using Firefox; we still get only one session ID. If one logs out, the other will be logged out too. I think it is not possible.
 
Rajeev Ja
Ranch Hand
Posts: 38
Is there no way to invalidate the previous session of the user apart from calling the session expiration in web.xml?
 
Paul Sturrock
Bartender
Posts: 10336
You don't need to use web.xml. Just call the Session's invalidate method.
 
Ranch Hand
Posts: 263

Is there no way to invalidate the previous session of the user apart from calling the session expiration in web.xml?



Here's one way:

Well, whenever a user logs in, store that userid/email and sessionId in a static Hashtable:

So, when user a@a.com logs in a second time, you can see from the Hashtable that he is already logged in; you overwrite the new sessionId for user a@a.com in the Hashtable anyway.

Your Hashtable looks like this now:

When the user a@a.com tries to do something using his first session (sessionIdA), your session-check/validation logic should consult the Hashtable; here it won't find sessionIdA present anymore against the user a@a.com. This clearly indicates that this is a stale session of the user and he must not be allowed to continue.
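
The user-to-session map described in the post above, as an added plain-Java example that is not part of the original thread. The class name `SingleSessionRegistry` and the ID `sessionIdB` are assumptions; the map lives in a single JVM, and in a servlet the IDs would come from `HttpSession.getId()`, with the displaced session ended via `invalidate()`.

```java
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical helper: tracks the one session ID currently allowed per user. */
public class SingleSessionRegistry {
    // userId -> session ID that is currently valid for that user (single JVM only)
    private final ConcurrentMap<String, String> current = new ConcurrentHashMap<>();

    /** Record a login. Returns the displaced session ID, or null if there was none. */
    public String login(String userId, String sessionId) {
        Objects.requireNonNull(userId);
        Objects.requireNonNull(sessionId);
        String previous = current.put(userId, sessionId);
        return sessionId.equals(previous) ? null : previous;
    }

    /** Per-request check: false means the session was superseded by a newer login. */
    public boolean isCurrent(String userId, String sessionId) {
        return userId != null && sessionId != null
                && sessionId.equals(current.get(userId));
    }

    /** Logout or expiry: remove the entry only if it still belongs to this session. */
    public boolean logout(String userId, String sessionId) {
        return current.remove(userId, sessionId);
    }

    public static void main(String[] args) {
        SingleSessionRegistry registry = new SingleSessionRegistry();
        // Constructed sample values; in a servlet the ID comes from HttpSession.getId().
        String user = "a@a.com";
        registry.login(user, "sessionIdA");                     // first browser
        String displaced = registry.login(user, "sessionIdB");  // second browser
        System.out.println("displaced = " + displaced);
        System.out.println("A current? " + registry.isCurrent(user, "sessionIdA"));
        System.out.println("B current? " + registry.isCurrent(user, "sessionIdB"));
        // A late logout arriving from the stale session must not end the new one.
        System.out.println("stale logout removed entry? "
                + registry.logout(user, "sessionIdA"));
        System.out.println("B still current? " + registry.isCurrent(user, "sessionIdB"));
    }
}
```

The conditional `remove(key, value)` in `logout` is what keeps a session-expiry callback for the old session from deleting the entry that now belongs to the new login.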
 
Ranch Hand
Posts: 874

It's a pure *overhead* for programmers and servers.
 
Bartender
Posts: 6663

Well, whenever a user logs in, store that userid/email and sessionId in a static Hashtable:



This will lead to trouble in a clustered environment.

Are you looking for a single sign-on solution or do you simply want to prevent multiple logins? What is the rationale behind including this logic in your app?
 
James Ward
Ranch Hand
Posts: 263

This will lead to trouble in a clustered environment.



Good point - we can store the session information in a database OR share this static Hashtable across JVMs via Terracotta etc.
 
Ranch Hand
Posts: 131
I think the objective is similar to what you get with gmail.com. Say you open http://gmail.com in a tab in Firefox. The login page comes up asking you to input a username and password. You enter them and you are logged in to your email account. Now, in a separate tab in Firefox itself, try to open http://gmail.com. This time you will no longer see the login page. As it senses that there is a user already logged in in the browser, it takes you straight to the email inbox page.

While logged in to the Gmail account, if you try to open http://gmail.com in a separate Firefox browser window, you will be taken to the email inbox page, skipping the username/password page.

So how is this being done? Maybe we can intercept this multiple-access scenario and send in response a page with an "application has already been invoked" message.
 
James Ward
Ranch Hand
Posts: 263

So how is this being done?



Cookies/Sessions are shared/available across browsers - depending on how the browser was opened.

When a browser is opened via an existing browser instance - via ctrl-T (new tab) or ctrl-N (new instance) - they share sessions/cookies.
If a Browser is opened independently, say, Start > Program Files > FireFox - it will not have access to existing cookies/sessions.

When a request reaches GMAIL, it simply checks if a valid Session/Cookie was presented to it, if yes, it shows the mails, else you go to login page.
 
Shashank Rudra
Ranch Hand
Posts: 131
Gmail is tracking its session even if you open a new Firefox window by clicking on the exe icon.
 
James Ward
Ranch Hand
Posts: 263

Shashank Rudra wrote: Gmail is tracking its session even if you open a new Firefox window by clicking on the exe icon.



Yes, just saw that. In IE it is not so.

Therefore, it is not so much what Gmail is doing; it is how browser instances are sharing cookies between themselves.
 