| Author |
session isnew()
|
patidar janak
Greenhorn
Joined: Mar 12, 2007
Posts: 6
|
|
i have use is new method to prevent multiple loging using session .IN my application if someone login i create session object using req.getsession()and setAtrribute(userid,userid).when i will logout and again login than isnew() method return false but when i will login another time after logout or restart tomcat server than than isnew method return true but it has written false. what i will do for prventing multiple login using session in java.
[ March 23, 2007: Message edited by: Bear Bibeault ]
|
 |
Ben Souther
Sheriff
Joined: Dec 11, 2004
Posts: 13410
|
|
Rather than relying on the isNew property, I test for the existence of an object bound to session.
In your case, you've already said that you bind a userId to session.
Just test for that.
If it is null then the user is not logged in.
If it is not null, then you know they are currently logged in.
|
Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
|
|
Rahul Bhattacharjee
Ranch Hand
Joined: Nov 29, 2005
Posts: 2300
|
|
HTTPSession session = request.getSession(false);
Check whether session is null or not.
|
Rahul Bhattacharjee
LinkedIn - Blog
|
|
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56179
|
|
|
I would rely on Ben's approach. In fact, that's exactly how I always do it.
|
[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
|
|
John Simpson
Ranch Hand
Joined: Nov 28, 2005
Posts: 30
|
|
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?
I can see how it would prevent multiple logins from the same machine (assuming multiple browser windows use the same session) but not from different machines.
|
|
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56179
|
|
Actually, it doesn't. We haven't progressed that far yet. Getting to reliably tell if one user is logged in needs to be accompished first, and so far it's been pointed out that trying to use isNew() is folly.
Once we get past that hump, then we can start talking about session listeners.
|
|
Ben Souther
Sheriff
Joined: Dec 11, 2004
Posts: 13410
|
|
Originally posted by John Simpson:
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?
I have yet to see anyone suggest a reliable and reasonable way to prevent multiple logins using the same credentials from different machines in a web application. This conversation has occurred multiple times in this and the JSP forum (but mostly this one).
We have a pretty good search engine now so poke around a bit and see if you can find some of them. Since I always respond the same way to this question, the keyword "reliable" would probably be a good start.
|
|
 |
|
|
subject: session isnew()
|
|
|
0
