• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Tim Cooke
  • Junilu Lacar
  • Rob Spoor
  • Devaka Cooray
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
  • Jj Roberts
  • Al Hobbs
  • Piet Souris

How to get session object by giving Session Id to kill another session in Websphere

Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
Objective: To achieve only one user to logon only once on the same machine or different machine.
When the same user logs in on another machine or broswer instance, it should throw a msg
"User logged in already" and should not able to go further. When the user logs off
the lock should be released and browser close should be treated as Logout (at this
point also, the lock should be released)
THe Administrator should have one option to release the locked users.
Software: IBM WAS 4.0, database is Oracle
Suppose the user logs in to the web application. After proper authentication,
a flag is updated in a table with his user id. so when the same user is loggin in
from different browser, it checks for the entry first and then throws error msg without loggin in.

There should be one option for Admin to release the lock. Suppose the network goes down, the
user lock wont be released since he didnt logged off properly.
The admin has option to see list of users whose status='Y' from a table. Then Admin selects
one or more users and update the status as 'N', so that next time those users can log in.

Now problem is, a user logs in and his status is set to 'Y'. Now he calls up Admin to release
his user lock. the admin releases the lock (which updates the flag only). The same user will be
able to log on from different machine or browser instance now. We need to stop that.
So when the admin releases the lock, the other session if any should be invalidated, so that
he gets the login screen.

Question: When the user logs in his Session id is written to the table. With the help of that session id,
how can we get the Session object to invalidate that particular session. The admin should
able to get the session object of some person by giving that session id, and invalidate.

I have described in detail. I hope to get some positive reply to this. This is very urgent.
Plese help me and thanks in advance.

Ranch Hand
Posts: 34
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When the session expires or web app goes donwn, use two listeners to update the db's status.
Run a scheduled job to clean up that table if necessary (check last-update timestamp).
And i dont think u should ever let the admin guy to directly manipulate the data like that. Rather wait for the session to be expired like 15 minutes so that the user can login then.
Ranch Hand
Posts: 925
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Whenever I have implemented;
one user = one session
It's always been FIFO (first person who logs in gets kicked out by the second user).
I think your requirements imply using a very short session lifetime (after 5 minutes of inactivity user gets kicked off), otherwise your admin is going to be very busy.
Who came up with these requirements??
    Bookmark Topic Watch Topic
  • New Topic