File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes session isnew() Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "session isnew()" Watch "session isnew()" New topic
Author

session isnew()

patidar janak
Greenhorn

Joined: Mar 12, 2007
Posts: 6
i have use is new method to prevent multiple loging using session .IN my application if someone login i create session object using req.getsession()and setAtrribute(userid,userid).when i will logout and again login than isnew() method return false but when i will login another time after logout or restart tomcat server than than isnew method return true but it has written false. what i will do for prventing multiple login using session in java.
[ March 23, 2007: Message edited by: Bear Bibeault ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Rather than relying on the isNew property, I test for the existence of an object bound to session.
In your case, you've already said that you bind a userId to session.
Just test for that.
If it is null then the user is not logged in.
If it is not null, then you know they are currently logged in.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
HTTPSession session = request.getSession(false);
Check whether session is null or not.


Rahul Bhattacharjee
LinkedIn - Blog
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61603
    
  67

I would rely on Ben's approach. In fact, that's exactly how I always do it.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
John Simpson
Ranch Hand

Joined: Nov 28, 2005
Posts: 30
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?
I can see how it would prevent multiple logins from the same machine (assuming multiple browser windows use the same session) but not from different machines.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61603
    
  67

Actually, it doesn't. We haven't progressed that far yet. Getting to reliably tell if one user is logged in needs to be accompished first, and so far it's been pointed out that trying to use isNew() is folly.

Once we get past that hump, then we can start talking about session listeners.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by John Simpson:
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?


I have yet to see anyone suggest a reliable and reasonable way to prevent multiple logins using the same credentials from different machines in a web application. This conversation has occurred multiple times in this and the JSP forum (but mostly this one).

We have a pretty good search engine now so poke around a bit and see if you can find some of them. Since I always respond the same way to this question, the keyword "reliable" would probably be a good start.
 
 
subject: session isnew()