You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by maven apache <ap...@gmail.com> on 2010/12/02 10:38:04 UTC
any ideas about handle user's relogin using interceptor?
Hi:
In our application,if user logined in one browser or computer,then he/she
login in another brower/computer,the first login information should be
removed.
For example.
User login in computer A,then he did not logout and then login in computer
B,then if he back to computer A do some Authorization required
operation,then he should be informed for relogin in computer A, of
course,the login information in computer B should be removed now.
It seems that the Interceptor can be used here,since the Interceptor's scope
is method(just my own understand),but I have no idea how to remove the old
login information.
Any ideas?
Re: any ideas about handle user's relogin using interceptor?
Posted by Li Ying <li...@gmail.com>.
It looks like so.
2010/12/3 maven apache <ap...@gmail.com>:
> Thanks!
>
> So the way I use the interceptor is right?
>
> Nothing have to be changed except saving the session id intead of sessin it
> self?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Posted by maven apache <ap...@gmail.com>.
Thanks!
So the way I use the interceptor is right?
Nothing have to be changed except saving the session id intead of sessin it
self?
2010/12/3 Li Ying <li...@gmail.com>
> I read your code, and noticed one thing.
>
> You saved the whole HttpSession instance in Map, this will waste memory.
>
> The information you really need is just the SessionID, but not the
> whole Session.
>
> SessionID can be retrieved from HttpSession.getId();
>
>
> See:
>
> http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#getId%28%29
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: any ideas about handle user's relogin using interceptor?
Posted by Li Ying <li...@gmail.com>.
I read your code, and noticed one thing.
You saved the whole HttpSession instance in Map, this will waste memory.
The information you really need is just the SessionID, but not the
whole Session.
SessionID can be retrieved from HttpSession.getId();
See:
http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#getId%28%29
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Posted by Li Ying <li...@gmail.com>.
The only data need to save is UserID and SessionID, I think it will
not over 100 bytes per user.
For 1000 user, the total memory will not over 10MB.
So, you don't have to worry about memory problem.
For the DB solution, if you worry about response speed.
You can change the solution:
Do not check for every request. Do it with some interval instead.
For example:
(1)check it once per 2 minutes
OR
(2)check it once per 10 requests.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Posted by maven apache <ap...@gmail.com>.
Hi:
Thanks for Liying's answer,I have a try just now,and it works well(say the
result,it meet my requirements).
However I found that my codes are rathre ugly,have no logic.
So I wonder any one can spare some time to have a check?
Notice:I remove the jars in the WEB-INF/lib. You should add it yourself.
BWT,I wonder if saving all the session information in the server side is a
good idea,if too many user login,the memeory is a problem,but if save the
session in the db or file system,it will slow down the response speed. :(
However,thanks Li ying and other guys anyway.
2010/12/2 Li Ying <li...@gmail.com>
> ActionContext is just a wrap class for convenience.
>
>
> If you need the real HttpSession.
> You should get the HttpRequest first, from
> ServletActionContext.getRequest().
>
> See:
>
> http://struts.apache.org/2.2.1/struts2-core/apidocs/org/apache/struts2/ServletActionContext.html
>
> And then, you can get the HttpSession from
> HttpServletRequest.getSession();
>
> See:
>
> http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html
>
>
>
>
> 2010/12/2 maven apache <ap...@gmail.com>:
> > Thanks,your answer can not be detailed more. :)
> >
> > only a little confused.
> >
> > Map attibutes = ActionContext.getContext().getSession()
> >
> > I can get the session this manner,but it seems that it is a Map,not a
> > HttpSession,so what is the id?
> >
> > I have debug the session yet,and I found there is a property in the Map:
> > struts.troken,is this unique can be used as the session id?
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: any ideas about handle user's relogin using interceptor?
Posted by Li Ying <li...@gmail.com>.
ActionContext is just a wrap class for convenience.
If you need the real HttpSession.
You should get the HttpRequest first, from ServletActionContext.getRequest().
See:
http://struts.apache.org/2.2.1/struts2-core/apidocs/org/apache/struts2/ServletActionContext.html
And then, you can get the HttpSession from
HttpServletRequest.getSession();
See:
http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html
2010/12/2 maven apache <ap...@gmail.com>:
> Thanks,your answer can not be detailed more. :)
>
> only a little confused.
>
> Map attibutes = ActionContext.getContext().getSession()
>
> I can get the session this manner,but it seems that it is a Map,not a
> HttpSession,so what is the id?
>
> I have debug the session yet,and I found there is a property in the Map:
> struts.troken,is this unique can be used as the session id?
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Posted by maven apache <ap...@gmail.com>.
Thanks,your answer can not be detailed more. :)
only a little confused.
Map attibutes = ActionContext.getContext().getSession()
I can get the session this manner,but it seems that it is a Map,not a
HttpSession,so what is the id?
I have debug the session yet,and I found there is a property in the Map:
struts.troken,is this unique can be used as the session id?
2010/12/2 Li Ying <li...@gmail.com>
> The problem will be:
>
> (1)How to save the information about who is logged in from which session.
>
> and
>
> (2)How to check this information before every action execution
>
>
> For problem 1, if you only have one app server, you can save this
> information in global variable, if you need support multi app servers,
> you can save it into DB.
> The data structure should like
> Map<UserID, SessionID> (in global variable)
>
> or
> TABLE (UserID VARCHAR, SessionID VARCHAR) (in DB)
>
>
> For problem 2, you are right, Interceptor will be a good choice.
>
>
>
>
> I think the whole architecture should likes:
>
> (1)After user login, save the logged in status into global variable or
> DB, and into current session.
>
> (2)Before every action execution, extract logged in user id from
> current session, and then check the global variable or DB, see if this
> user is logged in from the same session.
> If the same user is logged in from some session else, this means
> he/she has re-logged in from somewhere else, so you can remove the
> logged in status from current session, and then force the user login
> again.
>
>
>
> For example:
>
> (1)UserA, logged in from ComputerA.
> Let's say the session is SessionA.
>
> So in SessionA, the logged in user ID will be UserA.
> And in the global variable or DB, UserA will be marked "logged in from
> SessionA"
>
> (2)When the same user login from ComputerB.
> Let's say SessionB.
> In SessionB, the logged in user ID will be UserA.
> And in the global variable or DB, the logged in status of UserA will
> be overwritten by "logged in from SessionB"
>
> (3)Request any page again from ComputerA.
> The Interceptor can extract the logged in user id (which will be
> UserA) from current Session (which will be SessionA).
> And extract the logged in status from global variable or DB,
> which will be "logged in from SessionB", and different from current
> session.
>
> So the Interceptor can say, UserA has re-logged in from some where else.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: any ideas about handle user's relogin using interceptor?
Posted by Li Ying <li...@gmail.com>.
The problem will be:
(1)How to save the information about who is logged in from which session.
and
(2)How to check this information before every action execution
For problem 1, if you only have one app server, you can save this
information in global variable, if you need support multi app servers,
you can save it into DB.
The data structure should like
Map<UserID, SessionID> (in global variable)
or
TABLE (UserID VARCHAR, SessionID VARCHAR) (in DB)
For problem 2, you are right, Interceptor will be a good choice.
I think the whole architecture should likes:
(1)After user login, save the logged in status into global variable or
DB, and into current session.
(2)Before every action execution, extract logged in user id from
current session, and then check the global variable or DB, see if this
user is logged in from the same session.
If the same user is logged in from some session else, this means
he/she has re-logged in from somewhere else, so you can remove the
logged in status from current session, and then force the user login
again.
For example:
(1)UserA, logged in from ComputerA.
Let's say the session is SessionA.
So in SessionA, the logged in user ID will be UserA.
And in the global variable or DB, UserA will be marked "logged in from SessionA"
(2)When the same user login from ComputerB.
Let's say SessionB.
In SessionB, the logged in user ID will be UserA.
And in the global variable or DB, the logged in status of UserA will
be overwritten by "logged in from SessionB"
(3)Request any page again from ComputerA.
The Interceptor can extract the logged in user id (which will be
UserA) from current Session (which will be SessionA).
And extract the logged in status from global variable or DB,
which will be "logged in from SessionB", and different from current session.
So the Interceptor can say, UserA has re-logged in from some where else.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org