aspose file tools*
The moose likes JSP and the fly likes Session Management Still weird Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Session Management Still weird" Watch "Session Management Still weird" New topic
Author

Session Management Still weird

Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Hi all,

I am developing an web application which is almost completed except the session problem.. I add the session details like session name and id in DB's and so it works fine until you do proper work like login->do something->logout.. But if you close the window accidentally and wants to re-enter the page then it shows error message and after deleting the particular session entry from DB only i can able to login.. This is not a good practice though..

I need a session management where if user closes the browser automatically and wants to restart the application then it gibe him freedom to reopen the page.. How could i achieve that...

Any ideas and help will be appreciated..

I need the help of ranchers....
[ August 04, 2008: Message edited by: Bear Bibeault ]

Never try to be a hard-worker. Be a smart-worker.
My Blog
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12675
    
    5
I add the session details like session name and id in DB's


You should not expect the session ID to be valid for longer than a single session. You should NOT try to keep a reference to a session in ANY form of storage - sessions are managed by the servlet container.

The correct solution is to create a custom object that contains all you want to keep and manage it separately. I typically serialize such an object to a disk file.

Bill


Java Resources at www.wbrogden.com
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Originally posted by William Brogden:

The correct solution is to create a custom object that contains all you want to keep and manage it separately. I typically serialize such an object to a disk file.
Bill


Sorry William... I don't even understand what you are speaking about.. Will please give me steps involved or any examples,links that kinda stuff please.. It'll be useful for me..........

Jesus Angeles
Ranch Hand

Joined: Feb 26, 2005
Posts: 2046
Let's say, a Session is a box, and things you put in the Session are chocolates.

If the Session expires, or the server is restarted or whatever, all your Sessions are gone, all your boxes are gone, and all the chocolates in them are gone.

What you are doing now, is saving the boxes, not the chocolates.

Save the chocolates. You can get new boxes later, you just need to save the chocolates now.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2711
    
    5

I think this topic is more closer to servlets and what you probably need is a session listener.



Hope this helps


SCJP, SCWCD.
|Asking Good Questions|
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Jesus explains it beautifully ,

Here is same explanation with some technical terms

:

1. User logged in , create an new HttpSession object (box).
2. add users id and name (chocolates), using HttpSession#setAttribute() method!
3. When user logged out invalidate the session (destroy the box)using HttpSession#invalidate().


Hope this help !


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Thanks for the excellent explanations.... OK.. I go with your way..
And here is my doubt..
Could i able to handle the session mechanism within Servlet file?
What should i do inorder to maintain proper session tracking with my users?
Please give me some links that handle session mechanism in Servlet and JSP as well...
Because combining both will be a best practice(I've heard it somewhere else.... )
So many questions?
Please help me ranchers..... I believe in that...
[ August 05, 2008: Message edited by: Rajkumar balakrishnan ]
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Originally posted by Rajkumar balakrishnan:
.
Could i able to handle the session mechanism within Servlet file?

Ideally, you should !

Originally posted by Rajkumar balakrishnan:
.
What should i do inorder to maintain proper session tracking with my users?
Please give me some links that handle session mechanism in Servlet and JSP as well...
Because combining both will be a best practice(I've heard it somewhere else.... )


Googled this topic , and you find plenty of information !
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

I googled it and ofcourse find a lot.. I don't want to track the session with the use of cookie... Thats why i post my problem here... I thought that ranchers help me regarding this.. yes... only ranchers can able to help me..
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Why you need session tracking in your web app ,As you are logging in user . So you try to put a unique User ID with each session when user logged in and perform whatever operations the user wants to perform !
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Originally posted by Sagar Rohankar:
Why you need session tracking in your web app ,As you are logging in user . So you try to put a unique User ID with each session when user logged in and perform whatever operations the user wants to perform !




Because for my system there is only one admin.. While i login as a admin and at the same time my colleague who is next to me also login as admin.. with the same username and password.. :shocked:

That's the reason why i need a session tracking...I put their user name as session ID and how do i perform a check whether the user session of particular user is already in use!!!
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Originally posted by Rajkumar balakrishnan:

While i login as a admin and at the same time my colleague who is next to me also login as admin.. with the same username and password.. :shocked:


That is called concurrency effect. if you want to controll that
then you need to code server side. you need to compare every session username with database fields(you need to create according to the scenario).

Hope This help
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Originally posted by seetharaman venkatasamy:


That is called concurrency effect. if you want to controll that
then you need to code server side. you need to compare every session username with database fields(you need to create according to the scenario).

Hope This help


Yes i kick away the problem by adding these fields to DB and check it.. Then it works perfect..
But my problem is when user close the browser accidentally then he can't able to re-login with the same session...

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Originally posted by Rajkumar balakrishnan:



Because for my system there is only one admin.. While i login as a admin and at the same time my colleague who is next to me also login as admin.. with the same username and password.. :shocked:

That's the reason why i need a session tracking...I put their user name as session ID and how do i perform a check whether the user session of particular user is already in use!!!


One way to tackle such kind of problem is, you can use context (application scoped) map , with key as a unique User ID (lets say 'admin') and value will be any damn object you want to associate with that user (may be session ID , to track user activity ) . Now every time user logged in we check the map , to make sure that the same User is not logged in the app , if the key is happened to be present, we redirect it to error (or welcome page) with appropriate error message !
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Yup i do some research and will be back after i found any problems.....
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Here is the problem my friends..I put the session values such as name and session ID in a Hash Map.. And when the user log in it checks for the HashMap and if the username already exists it throw an error message.. If not then add the value..But the problem is when i try to retrieve the value from HashMap it always display it as null....Here is my code.....

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Where you define HasMap 'hm' object ?
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Originally posted by Sagar Rohankar:
Where you define HasMap 'hm' object ?


At the top of my LoginModel class.....


Like this...
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445


[ August 06, 2008: Message edited by: Rajkumar balakrishnan ]
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

As I said earlier you need to define object in context ( Application) scope , so that on any page or at login page we can check for the already logged in user !

So defined that object in (you have to implement it ) ..

The best way to understand is , go through this example (check Session Monitor part ) It helps you in great , really a good work !
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Its hard to implement that as i need to change my whole project structure....
If there is a possible alternative please suggest it to me...
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Originally posted by Rajkumar balakrishnan:
Its hard to implement that as i need to change my whole project structure....


No, its not at all hard to make it possible, you need to put some more class file in you project , If you can do that I have following steps to follow !

1. Make listener class which implements ServletContextListner
2. override the contextIntialized() method , where you need to define a HashMap object and set into context scope ..



If you are OK with this , in you Login Servlet , check the incoming user id and with the existing user id present in the map, if not present then put it into map and forward to welcome ( or menu page )else forward to error page.



Study this two classes and its not that hard !
Originally posted by Rajkumar balakrishnan:

If there is a possible alternative please suggest it to me...

Presently I don't know any other method !
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

I check it out and back if there is any problem...
[ August 07, 2008: Message edited by: Rajkumar balakrishnan ]
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

I go through the Session Monitor file.. But my problem still not solved.. OK... Let me to explain the problem.. When i run the session monitor for a single user it runs fine..But if the same user is log in means then it allows them.(ie.. At a time two instance of a single user(like admin and admin)).. this is what my problem.how could i solve this.. How could i stop him...
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Which example you are using , I mean If you are using one from the link which I provided , then there is no logic of checking already logged in user OR If you are using the two files which I provided then , As per my guess there should not be any problem !

Or you may missed out somethings , like,

Have you add <listener> tag in DD for ServletContextListner class ?
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Yes the link that you provided only. The Session Monitor. At the same time more than two user with the same user name (yes as admin) can able to login and this is what the problem i faced with my project. Please help me ranchers. Let me know if there is any other way
Sagar, I add the listener class in my DD..
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Then don't implement it ( or rather not now) , as I already said that the SessionMonitor does not implement your need , you have to study it as per your requirement ,,


To get going, you can use my posted code .. and this code is part of your Login Servlet , i.e the servlet (action ) which authenticate the user



What you really need is to understand the code , and what they exactly affect your application !
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Originally posted by Sagar Rohankar:
Then don't implement it ( or rather not now) , as I already said that the SessionMonitor does not implement your need , you have to study it as per your requirement ,,


To get going, you can use my posted code .. and this code is part of your Login Servlet , i.e the servlet (action ) which authenticate the user



What you really need is to understand the code , and what they exactly affect your application !


I just try to understand... And my problem is how i store the session id in the hash map.. Using ContextListener .. I add the listener tag in DD and still its empty HashMap is displayed. What is the problem... Please help me...

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

I add the listener tag in DD and still its empty HashMap is displayed. What is the problem... Please help me..


The HasmMap initially remains empty when application starts , but once the user successfully login, the hashmap contains an entry for that user .!


Where you exactly facing the problem ? Where you are getting empty hashmap, post that code here!
Rajkumar balakrishnan
Ranch Hand

Joined: May 29, 2008
Posts: 445

Sure..... I fix it guys.... The code that you given is not working for me(Sorry with my project).. So i try to find an alternate or try sometime to get it worked......
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session Management Still weird
 
Similar Threads
question regarding maintaining session
Target login page after timeout
Form based authentication - problem
How to get the users current object after session time out
Session time out error