File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes session variable Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "session variable" Watch "session variable" New topic
Author

session variable

Naresh Chaurasia
Ranch Hand

Joined: May 18, 2005
Posts: 356
Hi,
can someone suggest me as to how i can make use of session variable(or some other logic) to prevent a user from logging into my system who is already logged in. I have disabled the cookies.

thnx in advance


SCJP 1.4, SCWCD1.4, OCA(1Z0-007)
Sirisha Reddy
Ranch Hand

Joined: Jun 09, 2003
Posts: 75
Hi,

When user logs in, store the username as a application scope variable. So that username is availbale across all sessions and requests.
My 2 cents.

Siri.


SCJP 1.4
Amit Saini
Ranch Hand

Joined: Oct 20, 2004
Posts: 280
Hi !
Just trying to understand your question.
You are trying to prevent a user from logging in who is already logged in??
Can you elaborate a bit more what you are trying to accomplish?

THanks,
Amit
Naresh Chaurasia
Ranch Hand

Joined: May 18, 2005
Posts: 356
Hi,
Siri, I am aware about the context variable which are initialized when in the web.xml, but not aware about other application scope variable. Can you tell more on this !!!



Amit what i am trying to do is that a user is already logged in my system and he opens other browser and logs in again. I want to prevent the second time logging of the user.

thnx in advance.
Amit Saini
Ranch Hand

Joined: Oct 20, 2004
Posts: 280
Why cant you simply check the existance of that users session?
Correct me if I'm wrong (even I'm new to all this!) but heres what I think.
On the login page you could have some check like

if request.getSession(false) returns null
then you know this is the first time a user is logging in
else
you know that he already has a session that exists and you can take the necessary action.

Anyone? Does this sound okay?
Thanks,
Amit
Sirisha Reddy
Ranch Hand

Joined: Jun 09, 2003
Posts: 75
i meant in servletcontext scope. when the session begins store the logged username as servletcontext level scope variable .. for every new user login .. check if the user already exists and prevent him from loggin again. make sure to delete the user when the session ends!

Siri.
Narendra Dhande
Ranch Hand

Joined: Dec 04, 2004
Posts: 950
Hi Siri,

How you come to know then the session is ended by user on particular browser window?

Thanks


Narendra Dhande
SCJP 1.4,SCWCD 1.4, SCBCD 5.0, SCDJWS 5.0, SCEA 5.0
Sirisha Reddy
Ranch Hand

Joined: Jun 09, 2003
Posts: 75
Use this event/method sessionDestroyed(HttpSessionEvent se) in javax.servlet.http.HttpSessionListener

to remove the context variables..
Naresh Chaurasia
Ranch Hand

Joined: May 18, 2005
Posts: 356
Hi Sirisha,
I guess this is what you meant : i have tried and it is working.thnx.


public class Login extends HttpServlet
{
public void init(ServletConfig sc)throws ServletException{
super.init(sc);
}

public void doGet(HttpServletRequest req,HttpServletResponse res) throws ServletException,IOException{

PrintWriter out = res.getWriter();
String userid = req.getParameter("userid");


ServletContext sctxt = getServletContext();
String uid = (String)sctxt.getAttribute("userid");

if(uid == null){
sctxt.setAttribute("userid",userid);
out.println("new userid :"+userid);
}
else if(uid.equals(userid)){
out.println("old userid : "+userid);
}

}
}


In continuation with the session management, I open browser and log into my application. After that i open another browser and try to log-in again. Will the session.isNew() return true/false when i try log-in from the different browser.
Sirisha Reddy
Ranch Hand

Joined: Jun 09, 2003
Posts: 75
Mind you though, your code does not take care of removing the user from the servlet context when the session is over.
Siri.
Sirisha Reddy
Ranch Hand

Joined: Jun 09, 2003
Posts: 75
What about filters ??
Can you use them to do this stuff.. have you explored em?

I havent gotten that far in my reading.. let us know if you did...

Siri
Naresh Chaurasia
Ranch Hand

Joined: May 18, 2005
Posts: 356
yes i will take care of removing the of removing the user from the servlet context when the session is over.Another doubt,if a user is logged in, and he closed the browser without logging out. In that case the session will be still active.If the same user opens a new browser and tries to login again(assuming that the session is still active), will he get a new session/old session,assuming cookies are enabled in the browser and still not deleted.


i have not reached filters till now and no idea how filters work.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: session variable