• Post Reply Bookmark Topic Watch Topic
  • New Topic

Terminate others session by session id

 
Sunil Chavan
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I wanted to implement "multiple login prevention" logic in my application. Whenever any user will log into application system will check for same userid into user map which is stored in application scope and if it find any then it will terminate that already logged in user.

I wanted to know how I can terminate that session (another person who is already logged in) using his session id.

I would appreciate if you can put some light on this.

Thanks in advance

Regards,

Sunil Chavan
Mumbai, India.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The servlet API does not give you easy access to HttpSession IDs - the first version did but it was removed as a security risk.

Why do you want to close the older login? Wouldn't that be a nasty shock to the original user?

Why not just prevent the new login - that seems to be the usual approach.

Bill
 
ramprasad madathil
Ranch Hand
Posts: 489
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Simply store a handle to the session object along with the userid in your user map ???

Whenever any user will log into application system will check for same userid into user map which is stored in application scope


Be warned that this maywork in a single server and will not fly in a clustered environment.

ram.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Be warned that this maywork in a single server and will not fly in a clustered environment.


Hi , why this will not work in a clustered environment , as becasue he is storing the data in a application context ??
please advise .



 
ramprasad madathil
Ranch Hand
Posts: 489
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi , why this will not work in a clustered environment as becasue he is storing the data in a application context ??


Right - that's one reason. The application context object (or any object for that matter) is local to that jvm. In a clustered environment, the application would be deployed on mutiple server instances (multiple jvms) and each would have it's own application context object.

A second reason is that the session (and by extension the ids) are also in memory objects. Session replication is a primary feature of clustered deployments. There is no guarantee that all requests would be served by the same machine in the cluster. In another machine, on another jvm, while the replicated session would contain the same data as the original, it is an entirely different object local to that jvm and with an altogether different session id.

cheers,
ram.
 
Michael Angstadt
Ranch Hand
Posts: 277
Eclipse IDE Java PHP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Like ramprasad alluded to, you could use a HttpSessionListener to add newly created HttpSession objects to a Map, where the Map's key is the user ID. In the sessionCreated() method, you could check to see if a HttpSession object for the given user ID already exists and if it does, call invalidate() on the object. In the sessionDestroyed() method, you'd have to remove the HttpSession object from the Map.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The application context object (or any object for that matter) is local to that jvm. In a clustered environment, the application would be deployed on mutiple server instances (multiple jvms) and each would have it's own application context object.


Thank you ramprasad the informationn was quite useful .
 
Sunil Chavan
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
you could use a HttpSessionListener to add newly created HttpSession objects to a Map


Will that create a Performance issue as I have 500 concurrent users.

Please guide.

Thanks & Regards,

Sunil Chavan
Mumbai, India.
 
ramprasad madathil
Ranch Hand
Posts: 489
Eclipse IDE Java Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sunil Chavan wrote:
you could use a HttpSessionListener to add newly created HttpSession objects to a Map


Will that create a Performance issue as I have 500 concurrent users.

Please guide.



That's hard to tell and depends on many things - the kind of hardware your server runs on, whether it is clustered etc.

Application servers may passivate sessions to improve performance - so if you are going to interfere with the lifecycle of container managed objects (like retaining a reference to the HttpSession object in this case), it certainly warrants some kind of performance testing.

cheers,
ram.
 
Sunil Chavan
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks to all for providing instant help.

I really appreciate this.

Thanks & Regards,

Sunil Chavan.
Mumbai, India.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!