You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jens Kühnberger <Ku...@web.de> on 2001/11/09 17:36:48 UTC

Retrieve used sessions

Hi,

can someone please tell me, if it's possible (and if it is how) to 
retrieve all sessions or to check if a session is still used.

Regards

Jens



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Retrieve used sessions

Posted by Matyas William Egyhazy <mw...@cms.mail.virginia.edu>.

you could use a timeout mechanism.

matt


On Fri, 9 Nov 2001, Jens [ISO-8859-2] K�hnberger wrote:

> So, if these methods are deprecated, how can I check on server side, if
> a user is still logged on?
> For example I store all users that are logged in. It's no problem to
> delete those who log off ,
> but how can I check for those who just close the browser?
>
> Jens
>
> Matt Egyhazy wrote:
>
> >these methods are deprecated in later j2ee:
> >
> >HttpSessionContext.getIds() which used to return a list of current session
> >ids
> >HttpSessionContext.getSession(sessionId) which would return a HttpSession
> >with the sessionId parameter.
> >
> >I think these were deprecated because application code could maliciously
> >attack other people's sessions (this is a problem for hosting companys that
> >use colocated apps).
> >
> >
> >Matt
> >
> >----- Original Message -----
> >From: "Jens Khnberger" <Ku...@web.de>
> >To: <to...@jakarta.apache.org>
> >Sent: Friday, November 09, 2001 11:36 AM
> >Subject: Retrieve used sessions
> >
> >
> >>Hi,
> >>
> >>can someone please tell me, if it's possible (and if it is how) to
> >>retrieve all sessions or to check if a session is still used.
> >>
> >>Regards
> >>
> >>Jens
> >>
> >>
> >>
> >>--
> >>To unsubscribe:   <ma...@jakarta.apache.org>
> >>For additional commands: <ma...@jakarta.apache.org>
> >>Troubles with the list: <ma...@jakarta.apache.org>
> >>
> >
> >
> >--
> >To unsubscribe:   <ma...@jakarta.apache.org>
> >For additional commands: <ma...@jakarta.apache.org>
> >Troubles with the list: <ma...@jakarta.apache.org>
> >
> >
>
>
>
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>
>



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Retrieve used sessions

Posted by Jens Kühnberger <Ku...@web.de>.

So, if these methods are deprecated, how can I check on server side, if 
a user is still logged on?
For example I store all users that are logged in. It's no problem to 
delete those who log off ,
but how can I check for those who just close the browser?

Jens

Matt Egyhazy wrote:

>these methods are deprecated in later j2ee:
>
>HttpSessionContext.getIds() which used to return a list of current session
>ids
>HttpSessionContext.getSession(sessionId) which would return a HttpSession
>with the sessionId parameter.
>
>I think these were deprecated because application code could maliciously
>attack other people's sessions (this is a problem for hosting companys that
>use colocated apps).
>
>
>Matt
>
>----- Original Message -----
>From: "Jens Khnberger" <Ku...@web.de>
>To: <to...@jakarta.apache.org>
>Sent: Friday, November 09, 2001 11:36 AM
>Subject: Retrieve used sessions
>
>
>>Hi,
>>
>>can someone please tell me, if it's possible (and if it is how) to
>>retrieve all sessions or to check if a session is still used.
>>
>>Regards
>>
>>Jens
>>
>>
>>
>>--
>>To unsubscribe:   <ma...@jakarta.apache.org>
>>For additional commands: <ma...@jakarta.apache.org>
>>Troubles with the list: <ma...@jakarta.apache.org>
>>
>
>
>--
>To unsubscribe:   <ma...@jakarta.apache.org>
>For additional commands: <ma...@jakarta.apache.org>
>Troubles with the list: <ma...@jakarta.apache.org>
>
>



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>

Re: Retrieve used sessions

Posted by Matt Egyhazy <mw...@virginia.edu>.

these methods are deprecated in later j2ee:

HttpSessionContext.getIds() which used to return a list of current session
ids
HttpSessionContext.getSession(sessionId) which would return a HttpSession
with the sessionId parameter.

I think these were deprecated because application code could maliciously
attack other people's sessions (this is a problem for hosting companys that
use colocated apps).


Matt

----- Original Message -----
From: "Jens Khnberger" <Ku...@web.de>
To: <to...@jakarta.apache.org>
Sent: Friday, November 09, 2001 11:36 AM
Subject: Retrieve used sessions


> Hi,
>
> can someone please tell me, if it's possible (and if it is how) to
> retrieve all sessions or to check if a session is still used.
>
> Regards
>
> Jens
>
>
>
> --
> To unsubscribe:   <ma...@jakarta.apache.org>
> For additional commands: <ma...@jakarta.apache.org>
> Troubles with the list: <ma...@jakarta.apache.org>


--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>