This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes Session Management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Management" Watch "Session Management" New topic
Author

Session Management

Anand Gondhiya
Ranch Hand

Joined: Feb 24, 2004
Posts: 155
Hi,

Can anybody explain how exactly you would stop user accessing the information once he has logged out ?

I know that you can do session.invalidate(). but it doesn't work for me or I don't know how exactly to use it.

Could anybody explain little bit and give example for this ?

Thanks
-Anand.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

I do it by putting an object in session when the user logs in.
Then, using a filter, I check for the existence of that object in all of the pages. If the object is null, which it will be if the session gets invalidated, then I redirect them to the login page.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Anand Gondhiya
Ranch Hand

Joined: Feb 24, 2004
Posts: 155
Can you give the piece of code for this ??
Also , I am not aware of this "filter"

Could you give little more details ?

I appreciate your help thanks
Rick Beaver
Ranch Hand

Joined: Dec 14, 2004
Posts: 464
Are you using JSP? If so you can use session.setAttribute() to store some object in the session you can reference later.

For example once someone has logged in successfully you could do:



or whatever

then on each page you want to secure content for just do something like:



That should work.


ph34r my 133t j4v4 h4><0r1ng sk177z
Anand Gondhiya
Ranch Hand

Joined: Feb 24, 2004
Posts: 155
And, when somebody logs out , do this:

session.setAttribute("loggedin","no") or session.setAttribute("loggedin",null) ??
Eugene Lucash
Ranch Hand

Joined: Feb 19, 2005
Posts: 77
There is another issue on Session management

you can make class like this

package webapp;
import javax.servlet.http.*;
public class SessionListener implements HttpSessionListener {
public SessionListener(){}
public void sessionCreated(HttpSessionEvent sessionEvent) {
HttpSession s = sessionEvent.getSession();
//here you can do something when session is created
}
public void sessionDestroyed(HttpSessionEvent sessionEvent) {
HttpSession s = sessionEvent.getSession();
//here you can do something when session is destroyed
}
}

and register this listener in web.xml
<web-app>
......
........
<listener>
<listener-class>webapp.SessionListener</listener-class>
</listener>
..........
....
</web-app>

Hope this will give some insights
[ February 24, 2005: Message edited by: Eugene Lucash ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Anand Gondhiya:
And, when somebody logs out , do this:

session.setAttribute("loggedin","no") or session.setAttribute("loggedin",null) ??


All you really need to do is invalidate the session and all the attributes will be destroyed.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session Management
 
Similar Threads
How the validation is done in JSF?
iIlegal Argument Exception
Explanation of this
how to deploy entitybean in weblogic 7.0
Session Management