aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes problem with sessions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "problem with sessions" Watch "problem with sessions" New topic
Author

problem with sessions

Soni Prasad
Ranch Hand

Joined: Mar 09, 2005
Posts: 97
How can I expire previous session on some terminal while same person is logging in from another terminal. I mean if somebody is loggedin on a site from some terminal and then he tries to login from another terminal, I want to invalidate his old login session with some message on that terminal, so that at a time he can have only one active session. How can I?

thanx in advance,
soni.
[ September 29, 2005: Message edited by: Soni Prasad ]

SCJP 1.4, SCBCD 1.3
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
I guess it would be difficult to achieve with declarative authentication. The server tries to authenticate someone only base on whether constrained resource is accessed or not - not whether he/she has an active session.

Practically, I guess most of the solutions are based on implementing our own authentication scheme at the application level. In this case, we can do whatever we like e.g. when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.
Soni Prasad
Ranch Hand

Joined: Mar 09, 2005
Posts: 97

when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.


Thanks alot for your reply... Now can you please tell me how to get all the existing sessions and invalidate them on creation of a new session. I am using FORM based authentication in JAAS and using jboss4.0.0.

soni.
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
A suggestion is first to create a HttpSessionListener which put all created sessions into a ServletContext attribute. Then you can scan thru all session objects from any servlet you like (beware of security loophole) by going thru that ServletContext attribute.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: problem with sessions