Meaningless Drivel is fun!*
The moose likes Servlets and the fly likes Session Management Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Management Problem" Watch "Session Management Problem" New topic
Author

Session Management Problem

Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hello,

I am facing some problem in maintaining the session for each and every user who logs in to the application.

Problem Context:

I have to maintain the session for each user, the session for each user created in database (in Milliseconds). User interaction with the application is exceeds the session time I have to invalidate() his session and I have to take him back to login screen.

getUserSession(userID) = will return me the session value in milliseconds for user based onn his userID.

//I am setting maximum time to session.
Session.setMaxInactiveInterval(getUserSession(userID));

if (session.getMaxInactiveInterval() >= getUserSession(userID)) {
// Go to home page (login page)
res.sendRedirect(m_objURLStartPoint.toString());
Log.ln(m_objURLStartPoint.toString());
return true;
}
}

if (session.getMaxInactiveInterval() >= getUserSession(userID)) condition is working I suppose.

Any idea how can I compare the session.

Thanks!
Sirish
Anupam Sinha
Ranch Hand

Joined: Apr 13, 2003
Posts: 1088
Session.setMaxInactiveInterval() would do that for you. Just set the timeout here and it will invalidate the session incase the timeout has expired. Or is it I am completely off the hook?
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Hi Anupam,

Thanks for your reply!

Session.setMaxInactiveInterval() is not helping me at all. I am deploying my application on WebSphere 5.X. But Container is not invalidating the sesssion after MaxInactiveInterval is over.
Do you have any other way to kill the user session?

I am trying something like..
if(System.getTimeInMilliSeconds()>= userloggedinTime+UserTime){
session.invalidate();
}
But still same problme, not able to Kill the Session.



Thanks!
Sirish
sathish kumar
Ranch Hand

Joined: Feb 14, 2007
Posts: 47
There are couple of ways you can try out too

In your web.xml file you can set a parameter

<session-config>
<session-timeout>your requirement</session-timeout>
</session-config>

If you have servlet in your architecture

Servlet's init parameter can be set to

<init-param>
<param-name>timeout</param-name>
<param-value>your requirement</param-value>
</init-param>

On a note all times that you set here is based of minutes.
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Satish,

Thanks for your reply!

Web.xml is not suitable solution for me because of I need to maitain different session interval based on the user role. some user will have only 10 min session some user will have 1 hr like that. I am maintaining session time in the Database.

Thanks,
Sirish
Nitesh Kant
Bartender

Joined: Feb 25, 2007
Posts: 1638

Originally posted by Sirish Kumar GongalReddy:
But still same problme, not able to Kill the Session.

Hi Sirish, how do you determine that the container has not killed the session?
If you do request.getSession(), and if the older session has expired, then the container will create a new session.
Try request.getSession(false) and check whether the returned session object is null. If so, that means the session is invalidated.


apigee, a better way to API!
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6657
    
    5

Have you tried setting max age ?


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
sathish kumar
Ranch Hand

Joined: Feb 14, 2007
Posts: 47
some user will have only 10 min session some user will have 1 hr like that.

this might not fit your need but am still putting it-

Try controlling the routing from the JSP end.
AM assuming the user-role is in the session of the JSP.
JSTL has a tag that give you session information.

For example in your JSP

<%@ taglib uri="http://java.sun.com/jstl/core" prefix="javaranch" %>
..,
..,
......
${pageContext.session.creationTime} returns the value of when the session was created, in the JSP write a small scriplet that will redirect it to login page when a time has reached.
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
John,

Thanks for your reply!

I am not using cookies at all. Just I need to invalidate user session if user exceeds his assigned time.

All my solutions are not working and not able to kill the session and I have tried by getting System time too.

Just I need a condition check something like.....

assignedTime come from database.
How to caluculate userAccessedTime?
I am trying something like....
session.getLastAccessedTime()+ userAssignedTime = userAccessedTime (I feel it's not right way....Any idea great help)


if(userAccessedTime > assignedTime){
session.invalidate();
rd.sendRedirct("loginpage");
}

Any idea? Thanks!

Regards,
Sirish
Gobind Singh
Ranch Hand

Joined: Aug 04, 2006
Posts: 61
Is it because the value you are passing to setMaxInactiveInterval() is in milliseconds but it expects it in SECONDS. So it will take longer to expire. Try converting your milliseconds to seconds before passing to the setMaxInactiveInterval() method.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6657
    
    5

I am not using cookies at all


Once you start a session it can either be maintained through a cookie or via URL rewriting. The inactive interval and the max age values should help or the DD should be able to assist you in this regard. Dont try to calculate the time yourself since it can be confusing and harder to maintain. Also the next time you ask for a session make sure you dont request the container to create a new session. Check the JSessionID headers to be sure that the sessions are the same. Another way to check if your session was killed is to bind objects to your session and check if they get unbound when they are invalidated. Then there is also the HttpSession listener. You could make use of that as well.
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Thanks Guys for your continious help!!

Finally I have close my issue and I caluculated session time my self.

On the other hand I have another problem is that,

1) If the user is still keep on intaracting with the server irrespective of his assigned time and he enter some data on the page (page is an Applet) the movement when he pressed SAVE button (Applet will call Servlet)his session will be invalidate because he already exceeds his assigned time.

But what I would like to do is,

(1) I need to save his data even though if he exceeds his time and then session has to be invalidated.

Any best ideas to implement this?

Many Thanks,
Sirish
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6657
    
    5

Any best ideas to implement this?


In the servlet where he saves his stuff process his info and then invalidate the session.
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
John,

The servlet will persist users data in the Database.

The process is like..

1) User will log on to the application. (His session started..now)

2) He want to edit some data so he will select the wanted page and then the page will download to local browser. (In my case the page is an Applet)

Generally once the Applet will download to local brower there is now connection will maintained between browser and server until user perform some external task like save,edit,delete....)

3) he edited some of his data by sitting couple of hours the movement he prss SAVE system will invalidate his session becuase his max session is 1 hr. But I want to save his work and then I want to invalidate his session even though he exceeds his session or I would like to prompt the user with warning before 10 min of his session expiry time.

How can I communicate with Applet from servlet to prompt the user or vice versa?

Any idea will be great help!

Many thanks,
Sirish
Pravin Jain
Ranch Hand

Joined: May 20, 2007
Posts: 60
Hi Sirish,

while setting the applet to the browser, you may include
the session timeout value as a parameter in the applet tag.
Then the applet can use this in its init method to start
a timer which may expire just 10 minutes(as per your requirement)
before the session timeout value. You could then trigger
a save request to the servlet from the browser, before its
session expires.

Hope this works for you.

Pravin


The Zen of Java Programming.
Sirish Kumar Gongal Reddy
Ranch Hand

Joined: Oct 25, 2004
Posts: 109
Thanks Pravin!

Let me try with your solution.

Many thanks,
Sirish
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session Management Problem
 
Similar Threads
session Problem.
problem in session tracking inside my request processor....
redirecting to a new page when session expires
redirecting to a new page when session expires
Session Security