• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Getting all sessions

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
how can i get all the sessions associated with a particular web application running on Apache Tomcat 5.0.
 
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can't, as this would be a security risk. Atleast it isn't exposed through the J2EE API...

There are two options:
1) get the Tomcat source caode and find out what other public methods are available.
2) get the Tomcat source, and rewrite it to break open the required functionality.

Note I'm not saying you should do the second point, just that you can. The security aspects should not be discounted.

Sounds like this could become pretty Tomcat specific, I'm moving this to the Apache/Tomcat forum.

Dave
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If this is a requirement for your app, you can implement it yourself using session listeners and a singleton or context scoped map.

  • When your app initializes, instanciate the map and bind to context scope.
  • Using a session listener, add a reference for each session to the map (the sessionID makes a perfect key).
  • Whenever you want to view all the sessions, iterate over the map and pull each one.


  • If you'd like to see an example of this, go to http://simple.souther.us/not-so-simple.html and grab SessionMonitor.war.
     
    David O'Meara
    Rancher
    Posts: 13459
    Android Eclipse IDE Ubuntu
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    You're quite right, the way you've approached it, but the problem I find is that when people start building something like this, they can't help re-inventing session manangement and this is something I find very dangerous.

    Just to state again Ben's is a workable solution, but don't take it any further!

    Dave
     
    Ben Souther
    Sheriff
    Posts: 13411
    Firefox Browser VI Editor Redhat
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator

    Originally posted by David O'Meara:
    You're quite right, the way you've approached it, but the problem I find is that when people start building something like this, they can't help re-inventing session manangement and this is something I find very dangerous.

    Just to state again Ben's is a workable solution, but don't take it any further!

    Dave



    Agreed
    This was actually in the ServletAPI and was removed for security reasons.
    http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionContext.html

    Anytime you build something yourself, you need to weigh the 'benefit vs risk' in doing so. If you're going to add this functionality to a real production app, think hard about what you're exposing and to whom.

    With this same technique, you could choose to expose only a subset from within your session. For example, you could create a userBean with properties that you want to expose and store a reference to that object instead of the session itself. You could also use the "Facade Pattern" to wrap the sessions that you are exposing which would also allow you to limit what methods and properties are exposed.

    In otherwords, building it yourself can be much safer than having the methods exposed as part of the Servlet Spec but it is up to you to understand the risks involved.
     
    Bartender
    Posts: 1845
    10
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    An alternative approach to the SessionListener, is to use a session binding listener.

    A lot of web applications require a login, and put a "user" object in session when login is successful.
    If you make that user object implement "HttpSessionBindingListener" then it will fire an event any time that object is put into a session/removed from a session (ie presumably at Login, and logout/session expiry)

    The most common reason I can think of that people want all the current sessions for is to iterate through and find out if that user is logged in already. A HttpSessionBindingListener may be more appropriate way to handle that requirement.
     
    pavan kumar singaraju
    Greenhorn
    Posts: 5
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    HI All,
    thanks for the good advices and alternatives provided.
     
    Not looking good. I think this might be the end. Wait! Is that a tiny ad?
    a bit of art, as a gift, that will fit in a stocking
    https://gardener-gift.com
    reply
      Bookmark Topic Watch Topic
    • New Topic