You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by "Aravapalli, Udaya" <Ud...@McKesson.com> on 2002/10/04 17:45:47 UTC
[OT] [session] Shared userId
Hi
I want to check if an user tries to login with an userId for
which a session is already existing and show a message.
This can also be applied if two users want to share the same
userId and try to login at the same time.
Whenever a session is being created by the user , I want to
store the userId in the database using the valueBound method in
HttpSessionBindingListener and remove it from the Database when the
session is invalidated using the valueUnbound method. But this will
not work if the user does not explicitly invalidate the session (like
closing the browser).Then the session will remain active until the
session time out has reached. Is there any way to determine an browser
closing action by the user and invalidate the session..
thanks
Uday
Re: [OT] [session] Shared userId
Posted by Eddie Bush <ek...@swbell.net>.
No - there's not a reliable way to do it. You could lower your session
timeout - or simply inform your users of the consequences of not logging
out. Of course, there are going to be some folks who will have Windows
crash on them (!) and they might get a bit perterbed that - through no
fault of their own - they have to wait for their session to expire
before they can log back in.
You might ... give yourself a way to get ahold of the existing session
and close that session. Of course ... that could perterb some folks too
:-) I suppose you could examine it before you close it and see how long
it has been idle. You could then implement some policy of "A session
must be idle XX minutes before we can manually 'trash' it". So you'd
wind up examining the session on basis of how long it has sat idle - and
only drop folks that are idle for a given period of time (ex. session
timeout is normally 30 minutes, but you implement an "agressive" timeout
of 15 minutes [ or shorter, according to your view/needs ]).
Aravapalli, Udaya wrote:
>Hi
>
> I want to check if an user tries to login with an userId for
>which a session is already existing and show a message.
>
> This can also be applied if two users want to share the same
>userId and try to login at the same time.
> Whenever a session is being created by the user , I want to
>store the userId in the database using the valueBound method in
>HttpSessionBindingListener and remove it from the Database when the
>session is invalidated using the valueUnbound method. But this will
>not work if the user does not explicitly invalidate the session (like
>closing the browser).Then the session will remain active until the
>session time out has reached. Is there any way to determine an browser
>closing action by the user and invalidate the session..
>
>thanks
>Uday
>
--
Eddie Bush
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: [OT] [session] Shared userId
Posted by James Mitchell <jm...@telocity.com>.
I know what you want to do. In the web environment, it is impossible.
For every solution you can think of, I can come up with at least 2 "what
if" scenarios that will invalidate your logic.
I've been through this with at least 5 different Product Managers and
there is just no way to handle it.
Sorry if this is only discouraging news, but it is reality.
Good Luck
James
Aravapalli, Udaya wrote:
>Hi
>
> I want to check if an user tries to login with an userId for
>which a session is already existing and show a message.
>
> This can also be applied if two users want to share the same
>userId and try to login at the same time.
> Whenever a session is being created by the user , I want to
>store the userId in the database using the valueBound method in
>HttpSessionBindingListener and remove it from the Database when the
>session is invalidated using the valueUnbound method. But this will
>not work if the user does not explicitly invalidate the session (like
>closing the browser).Then the session will remain active until the
>session time out has reached. Is there any way to determine an browser
>closing action by the user and invalidate the session..
>
>thanks
>Uday
>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>