Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Any ideas on control session management

 
Jean Miles
Ranch Hand
Posts: 53
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
when user opens several IE browser and attempts to lanuch on same application in each browser window. (client or server side management or both and how)
 
Marty Hall
Author
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not sure I understand the exact question, but you realize that persistent cookies (cookies where you setMaxAge) are shared across multiple IE windows?
Cheers-
- marty
 
Jean Miles
Ranch Hand
Posts: 53
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry about my question being vague, I guess what I am trying to ask if I can control the number of sessions an user can initiate in one web application. Can I code Javascript to manage that or on server-side?
[ November 13, 2003: Message edited by: Jean Miles ]
[ November 13, 2003: Message edited by: Jean Miles ]
 
Ko Ko Naing
Ranch Hand
Posts: 3178
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is how to set the maximum amount of sessions in a web application in Resin's container...
http://www.caucho.com/resin-3.0/config/webapp.xtp#session-config
I think the control over sessions is container-dependent... I think you should check the manual of the container you use...
 
Marty Hall
Author
Ranch Hand
Posts: 111
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess what I am trying to ask if I can control the number of sessions an user can initiate in one web application.

I am still not sure I understand the question. If the user comes back to the container within the session timeout and without quitting his browser, they will not get any more sessions -- they will get the same one. If one user is getting multiple sessions, then you have to ask why.
  • Because they have cookies disabled? Then I suspect you cannot detect that they are the same user, so you cannot limit the number of sessions.
  • Because the session timed out? You can change the session timeout with setMaxInactiveInterval (or in some more general way using server-specific settings).
  • Because the user quit the browser? Normally, you want that to end the session, but you could read the incoming JSESSIONID cookie and send it out with a max age so that sessions persist even when the browser is quit.


  • Or did you really mean you wanted to limit the amount of data that would be stored for a user within their single session object?
    Cheers-
    - Marty
     
    Jean Miles
    Ranch Hand
    Posts: 53
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    Problem is that I don't want same user in multiple IE windows updating the same data at the same time. So if I can restrict an user to only one session in the application, not multiple then I can solve the problem. However, I couldn't think of another way to handle this other than i keeping track of user session in database. If user has entry in database then send back a message that user has session in another browser window. To make sure database entry is removed, when the session terminates put a listener on session so when it invalidates I removed the entry in the database. However there are problems with this, if the user can close the IE window, the session is active until it timeout in the meantime the user launch another IE window with new session, since the entry is still in the database the code will denied them.
    Then what you said, 'Then I suspect you cannot detect that they are the same user, so you cannot limit the number of sessions.' means I have no solution.
    Thanks so much for those who responsed to my questions. I am relatively new on posting questions in this medium, thanks for your patience.
    [ November 14, 2003: Message edited by: Jean Miles ]
    [ November 14, 2003: Message edited by: Jean Miles ]
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic