problem with sessions

 
Ranch Hand
Posts: 97
How can I expire the previous session on one terminal when the same person is logging in from another terminal? I mean, if somebody is logged in on a site from some terminal and then he tries to log in from another terminal, I want to invalidate his old login session with some message on that terminal, so that he can have only one active session at a time. How can I?

Thanks in advance,
soni.
[ September 29, 2005: Message edited by: Soni Prasad ]
 
Ranch Hand
Posts: 569
I guess it would be difficult to achieve with declarative authentication. The server tries to authenticate someone based only on whether a constrained resource is accessed or not, not on whether he/she has an active session.

Practically, I guess most of the solutions are based on implementing our own authentication scheme at the application level. In this case, we can do whatever we like, e.g. when one tries to log in, i.e. creates a new HttpSession, we just invalidate all existing sessions storing the same username.
 
Soni Prasad
Ranch Hand
Posts: 97


when one tries to log in, i.e. creates a new HttpSession, we just invalidate all existing sessions storing the same username.



Thanks a lot for your reply. Now can you please tell me how to get all the existing sessions and invalidate them on creation of a new session? I am using FORM-based authentication in JAAS and using JBoss 4.0.0.

soni.
 
Alec Lee
Ranch Hand
Posts: 569
A suggestion is first to create an HttpSessionListener which puts all created sessions into a ServletContext attribute. Then you can scan through all session objects from any servlet you like (beware of security loophole) by going through that ServletContext attribute.
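One way to implement the approach suggested in the last reply, as an added example that is not code from the thread. The class name, the attribute names and `registerLogin` are hypothetical, and the registry is keyed by username rather than scanned session by session. It assumes the application's own login code calls `registerLogin` and that the container calls `sessionDestroyed` while the session's attributes are still readable.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical listener (declare it with <listener> in web.xml): one live session per username.
public class SingleSessionListener implements HttpSessionListener {
    // Attribute names are assumptions made for this example.
    static final String REGISTRY = "example.sessionsByUser";
    static final String USER = "example.username";

    // Any code in the web app can read this attribute and reach every user's session; keep access behind this class.
    @SuppressWarnings("unchecked")
    private static ConcurrentMap<String, HttpSession> registry(ServletContext ctx) {
        synchronized (ctx) {
            Object map = ctx.getAttribute(REGISTRY);
            if (map == null) {
                map = new ConcurrentHashMap<String, HttpSession>();
                ctx.setAttribute(REGISTRY, map);
            }
            return (ConcurrentMap<String, HttpSession>) map;
        }
    }

    // Call from the application's login code after the credentials have been verified.
    public static void registerLogin(HttpSession current, String username) {
        current.setAttribute(USER, username);
        HttpSession previous = registry(current.getServletContext()).put(username, current);
        if (previous != null && !previous.getId().equals(current.getId())) {
            try {
                previous.invalidate(); // the old terminal's next request arrives without a logged-in session
            } catch (IllegalStateException gone) { /* it had already timed out */ }
        }
    }

    public void sessionCreated(HttpSessionEvent event) { /* username unknown until login */ }
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        Object username = session.getAttribute(USER);
        ConcurrentMap<String, HttpSession> map = registry(session.getServletContext());
        HttpSession tracked = (username == null) ? null : map.get(username);
        // Drop the entry only if it still points at the session being destroyed.
        if (tracked != null && tracked.getId().equals(session.getId())) {
            map.remove(username, tracked);
        }
    }
}
```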