This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes session invalidation of an active user Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "session invalidation of an active user" Watch "session invalidation of an active user" New topic
Author

session invalidation of an active user

saxena Amit
Greenhorn

Joined: Jun 17, 2005
Posts: 5
In multiuser environment suppose a user close the browser
then his/her session is still active till session timeout.
Before session timeout if s/he wants to
login again,i want to invalidate his/her earlier session
hows that possible ?
sawan parihar
Ranch Hand

Joined: Aug 24, 2004
Posts: 250
In multiuser environment suppose a user close the browser
then his/her session is still active till session timeout.
Before session timeout if s/he wants to
login again,i want to invalidate his/her earlier session
hows that possible ?


How are you handing the session by URL rewriting or by cookies.


Sawan<br />SCJP,SCWCD,SCBCD<br /> <br />Every exit is an entry somewhere.
Anand Wadhwani
Ranch Hand

Joined: Mar 21, 2005
Posts: 151
Hi Amit,

You must have a method where you are validating user login, e.g. method is boolean validateUser(request,response)

In this method you can have following code to invalidate the existing session and create new one:


Hope this helps.


SCWCD 1.4<br />---------------------<br />Ability is what you're capable of. <br />Motivation determines what you do. <br />Attitude determines how well you do it.<br />---------------------
AmitKumar Jain
Ranch Hand

Joined: Jun 13, 2005
Posts: 95
***********
In multiuser environment suppose a user close the browser
then his/her session is still active till session timeout.
***********
As far as my knowledge is concerned, session ends once the browser is closed.. (it does not matter if cookies or URL re-writing is used)...
unless the user has opened a new browser from the earlier page.

I don't understand how the session would remain active even when browser window is closed?


SCJP 1.4 : 91%
SCWCD 1.4 : 95%
SCBCD 1.3 : 95%
SCJP 6 Upgrade : 95%
Next SCBCD 1.5
Man is not finished when he is defeated. He is finished when he quits.
Anand Wadhwani
Ranch Hand

Joined: Mar 21, 2005
Posts: 151
Hi Amit J,

There is no way for container to know if a perticular client has closed his browser, therefore his session object would still remain valid until session timeout occurs for that session object.

Amit S,

I am sorry abouot mentioning cookie for of auth-token, of course custom-cookie based session would automatically invalidated once browser is closed. Again depends on type of cookie, if cookie is persistent cookie then reopening the browser will send the persistent cookie (if alive) again and server will identify the session!
sawan parihar
Ranch Hand

Joined: Aug 24, 2004
Posts: 250
As far as my knowledge is concerned, session ends once the browser is closed.. (it does not matter if cookies or URL re-writing is used)...
unless the user has opened a new browser from the earlier page.


This is wrong. Session ends when you explicitly invalidate it or it times out. Closing the browser won't end the session.

Hey saxena Amit : I would like to know that why you want to do something like this. I mean I am just curious is it some requirement or something else.

[ June 26, 2005: Message edited by: sawan parihar ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: session invalidation of an active user
 
Similar Threads
Forcing Relogin
How to prevent duplicate logins
Duplicated Login
How to track activesession
session