This week's book giveaway is in the Kotlin forum.
We're giving away four copies of Kotlin for Android App Development and have Peter Sommerhoff on-line!
See this thread for details.
Win a copy of Kotlin for Android App Development this week in the Kotlin forum!

Steve Dyke

Ranch Hand
+ Follow
since Nov 16, 2004
Cows and Likes
Cows
Total received
1
In last 30 days
0
Total given
0
Likes
Total received
7
Received in last 30 days
0
Total given
12
Given in last 30 days
1
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Steve Dyke

Tim Holloway wrote:J2EE sessions work like this:

But if I open 3 Edge windows, they'll all be using the same cookie pool, so all of the windows will be talking to the same session. If one window logs off, the sessionid is now invalid for all 3 windows.



This is my situation. What if any is the best way to deal with this?
1 day ago

Tim Moores wrote:By "instance" I assume you mean "browser window connected to the same web app". It sounds as if you're talking about sessions being invalidated. Why do you need separate session for the same user?



Yes I am talking about sessions, and I do not need separate sessions for same user.

Normal application behavior:
In my web application I have set up certain criteria for invalidation.
….

Now from the users perspective:
I open an instance of the web app - all is good.
For some reason I decide to open a second instance of the same app - again all is good, at least for a bit.
Now thru my normal app process the first instance invalidates.
Oh no, since both instances share the same session handle the second instance invalidates also.
1 day ago
May be wrong forum. If so sorry.

In my web application I have set up certain criteria for invalidation.

If a user opens two instances of the same application on the same machine once the first instance invalidates
the second instance invalidates also.

Is there a way to handle this?

I would like to limit the user to one instance but from what I read that is discouraged.
1 day ago

Bear Bibeault wrote:Why the response wrapper? Just use a straight-forward servlet filter.



Articles I read said the response may already be configured and the setting not incorporated if not do this way.

Can you answer another question for me? If I am checking for session = null how do I still get an IllegalStateException on the line session.invalidate()?

1 week ago

Tim Holloway wrote:First you need to find out why all those sessions are alive at the same time. Do you have actually that many online users? If so, they may be legitimate and the only real choices are A) IBM (Install Bigger Memory), B) reduce the amount of session data being used by the offending application(s), C) Change the apps to minimize their use of an HttpSession environment (if you're using container security, that basically means making pages that don't really need the user to be logged in be unsecured - or Just In Time Login, if you prefer. D) Run a cluster. E) Convert to ReST (which is item B carried to its logical conclusion).

And F) Are these active users, or should you shorten the session timeout to drop people who left the site without logging off?

You might want to add Session Listeners to log the start and stop times (and thus durations) of the sessions, and at destroy time, look at how many/how big the collection of session-scope variables hanging onto it is.



A couple of things I have done is increase the Heap Size to 7G. I am working on code to invalidate the session if idle for a specified time.
I am using Session Listener also.
So the invalidate fires either automatically(inactivity), when the user logs off(does not shut the application down), and when the page is actually closed.

However, when either of the first two fire do I just loop back to the initial application start up?
1 week ago
I am wanting to move some repetitive code into my filter.

In every doPost method of each Servlet I have:



Here is a part of my Filter code to do this. I just want to know it this is the correct way:

1 week ago

Paul Clapham wrote:

Steve Dyke wrote:Thanks I have been trying to rethink this whole thing.



The first thing to think about is, why would you want to know which sessions are active? There must be a purpose for which you want to use that information. Then, maybe that purpose can be fulfilled in a different way.



My issue is that the Heap Size of my application(WebSphere) keeps maxing out. IBM did analysis and said the memory was overran with HTTP Sessions.
I thought that is I new the session ID of the sessions I could do an invalidate on that ID and kill that particular HTTP Session.

However, I have been working on my code to call an invalidate after specified user inactivity.

But I really do not know how to handle the application instance once the session gets invalidated. Do I push it back to the logon prompts?
But if I do anything it just creates a new HTTP Session.
1 week ago
I am using the session maxInativeInterval setting to 30 minutes.

I realize when user makes a request in the application the interval get reset.

I use a filter for all requests.

There are some requests, application requests that are used to update a message or what ever.

These requests I would like to use my filter and not use them to reset the maxInactiveInterval.

Is this possible?

2 weeks ago

Tim Holloway wrote:Don't even think about it.



Thanks I have been trying to rethink this whole thing.
2 weeks ago
I want to check and see id a sessionID is active in my application.

When a user logs on to my app I store the sessionID in a data table.

I would like to be able to use that sessionID to see if it is still active or has been invalidated.
2 weeks ago
When I make javascript changes to my Java Web Application and redeploy the application the changes do not seem to take affect.
If after redeploy I go to a particular machine and clear the browser cache the changes work.

Is there a way in my application to clear the browser cache once so the changes will be operational?
3 weeks ago

Dave Tolls wrote:

"
If there is a security manager???
"



Is this security manager part of the application attempting the get the host name?

I really do not understand the part about security manager. I compile the application, deploy to WebSphere server, every client runs the app from that server.

Is the security manager somehow on the client machine apart from the application they are running?
1 month ago

Dave Tolls wrote:Is the first machine the one the code is running on?



The code runs on a WebSphere Application Server on an iSeries(as400) computer.
1 month ago

Stephan van Hulst wrote:You need to give some more information. What are you trying to achieve? What code are you using to try to achieve it? What input are you using? What output are you getting?



machineip value# 1: 11.44.94.97
machineip value# 2: 11.44.92.85
machineip value# 3: 11.44.92.51



SystemOut     O MachinePrinterList: hostname: susgaid3xs1f42
SystemOut     O MachinePrinterList: hostname: 11.44.92.85
SystemOut     O MachinePrinterList: hostname: 11.44.92.51
1 month ago

Stephan van Hulst wrote:Seeing as you're going to operate on the InetAddress object, you don't even have to convert to the byte format. Just use InetAddress.getByName() and you're done.



Thanks. Got this code working, however having issues.

Tested one three computers on the same network. 1 returned the computer name(SUSGAIDXXX). 2 returned the IP Address.
1 month ago