Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

session isnew()

 
patidar janak
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have use is new method to prevent multiple loging using session .IN my application if someone login i create session object using req.getsession()and setAtrribute(userid,userid).when i will logout and again login than isnew() method return false but when i will login another time after logout or restart tomcat server than than isnew method return true but it has written false. what i will do for prventing multiple login using session in java.
[ March 23, 2007: Message edited by: Bear Bibeault ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Rather than relying on the isNew property, I test for the existence of an object bound to session.
In your case, you've already said that you bind a userId to session.
Just test for that.
If it is null then the user is not logged in.
If it is not null, then you know they are currently logged in.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTPSession session = request.getSession(false);
Check whether session is null or not.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64835
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I would rely on Ben's approach. In fact, that's exactly how I always do it.
 
John Simpson
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?
I can see how it would prevent multiple logins from the same machine (assuming multiple browser windows use the same session) but not from different machines.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64835
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, it doesn't. We haven't progressed that far yet. Getting to reliably tell if one user is logged in needs to be accompished first, and so far it's been pointed out that trying to use isNew() is folly.

Once we get past that hump, then we can start talking about session listeners.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by John Simpson:
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?


I have yet to see anyone suggest a reliable and reasonable way to prevent multiple logins using the same credentials from different machines in a web application. This conversation has occurred multiple times in this and the JSP forum (but mostly this one).

We have a pretty good search engine now so poke around a bit and see if you can find some of them. Since I always respond the same way to this question, the keyword "reliable" would probably be a good start.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic