I have a JSP page that tracks all of the current sessions for administration purposes. Lets say that I currently see 5 active sessions (5 users on my website). Session #1 has sessionID: aki31Y5Uy45d. I want to know how can I manually end session #1. I tried application.removeAttribute("aki31Y5Uy45d") but it did not work. [ October 16, 2003: Message edited by: Steve Su ]
Originally posted by Jeanne Boyarsky: Steve, You can use session.invalidate() to do that.
Yes, and the container takes care of the current session you're working on, so you don't have to deal with sessionIDs
I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
Sainudheen Mydeen
Ranch Hand
Joined: Aug 18, 2003
Posts: 218
posted
0
I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ? -Sainudheen
Andres Gonzalez
Ranch Hand
Joined: Nov 27, 2001
Posts: 1561
posted
0
Originally posted by Sainudheen Mydeen: I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ? -Sainudheen
session.invalidate() invalidates the current session associated with *that* request.
So Steve's question is still not answered. His JSP page is an administration page for the web server. Doesn't the Web server already have such a maintenance page? I don't think that JSP or Servlets in this case should have security access to other people's sessions, that would be scary in the real world. That would mean I could go to someone's web server get a list of all the sessions and kill people's sessions that I don't even know. Good Hacking tool there. Mark
Steve, There is a way of getting the HttpSession Object using the getSession(java.lang.String sessionID) method of the HttpSessionContext interface. You can also get the list of all session IDs using the getIDs method of the HttpSessionInterface. But these methods are deprecated in the Servlet 2.1 API and would be removed from the future versions of Servlet API. Cheers Praveen
Praveen Garimella
Steve Su
Greenhorn
Joined: Oct 16, 2003
Posts: 4
posted
0
Originally posted by Sainudheen Mydeen: I think Steve wants to invalidate one session out of 5 active sessions present in the container through a seperate JSP program which is monitoring the active sessions. Is that possible with session.invalidate() ? -Sainudheen
Yes, that is what I want to do, which I don't think session.invalidate() would work in this case. My purpose of doing this is to track down somebody who logged in, made change #1 to his cart, closes the browser without logging out, logs back in before his first session times out, makes change #2 to his cart, and this time logs out properly using the logout button (this is the only place where I am able to invalidate the user). I use HttpSessionBindingListener to update my DB (user's cart) when the user logs off. The problem with the above scenario is that change #2 will go into effect immediately, and then change #1 will go into effect when the user's first session ends (~30 min. later), which is the reverse of the user's intention (change #2 to be the final change). My solution around this was to track all of the users who currently has an active session. Once I caught a user trying to log in again before his first session ends, I will help end his first session (which will make the user's change #1 go into effect right away) and allow him to start a new session. The problems comes with trying to end a specific session out of a list of active sessions. I could have accomplish the task if I was able to capture of closing of the browser event, but apparently after searching through JavaRanch and else where the propose methods do not work. For instance, onBeforeUnload would not work because in addition to closing the browser, refreshing the browser or leaving the browser would also trigger the onBeforeUnload event. Sorry for being so lengthy! Any suggestions?
Sunil Karumuri
Greenhorn
Joined: Oct 20, 2003
Posts: 3
posted
0
Not sure if this is a good idea but definitely worked for us. Create a data structure to store user information and add it to session during logon. Add refereneces of session objects to a somekind of list (Arraylist) and store this list in Application object. You now have access to all session objects and can call session.invalidate() on the selected session isntance and delete from list. Make sure you delete the session instance from the list when the session times out using HttpSessionBindingListener
Amit Chandak
Greenhorn
Joined: Sep 28, 2003
Posts: 9
posted
0
may be what you can do is add a listener so that your session object is persisted to the database each time an item is added/removed from the cart....
I think Sunil has a good idea. Maybe you can store a user_id in the session, then when you want to find which is their old session, you go through the sessions, find the one with that users id, then end that session. the sessions could be in an ArrayList holding their references. Not positive if it will work, but sounds like a good idea. Mark
Stan James
(instanceof Sidekick)
Ranch Hand
Joined: Jan 29, 2003
Posts: 8791
posted
0
I recall working on a system that kept a db entry keyed by user identity (userid) and holding a session id. If you did the scenario above the first session would write a db entry with a session id, the second session would overwrite it with another session id. Only the current session id can do any updates, so if the first session attempted an update at expire time, it would not match the db entry and would be ignored. The effect our user saw was that if they logged on one machine, then walked across the office and logged on another, the first machine no longer worked.
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
0
Good Hacking tool there.