File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Session Problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session Problem" Watch "Session Problem" New topic
Author

Session Problem

Rajeev Ja
Ranch Hand

Joined: May 06, 2007
Posts: 38
hi all,

If a user open a browser and login into the web application.If the same user open another browser and login into the web application.how to send a response to the former browser that please logout user has already logged in.
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Can't (and shouldn't) be done. Imagine how you would feel if you logged onto a web site that closed other browser instances?

It sounds like what you need is to allow your user to log into your application with only one client. To do this you'll need something like a session table in a database or entry in a file that tracks whose logged in. At login you can check if a session already exists and invalidate it before creating a new one for your user.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Chinmaya Chowdary
Ranch Hand

Joined: Apr 21, 2008
Posts: 432
Hi Rajeev.
When we request application it will create only one session id cookie for one particular type of browser. Suppose if we open the application in 2 windows using Firefox, still we get only one session id. If one logout means, another will logout. I think it is not possible.
Rajeev Ja
Ranch Hand

Joined: May 06, 2007
Posts: 38
Is there no way to invalidate the previous session of the user apart from the calling the session expiration in web.xml
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

You don't need to use web.xml. Just call the Session's invalidate method.
James Ward
Ranch Hand

Joined: Apr 27, 2003
Posts: 263
Is there no way to invalidate the previous session of the user apart from the calling the session expiration in web.xml


Here's one way:

Well, whenever a user logs in, store that userid/email and sessionId in a static Hashtable:

So, when user a@a.com logs in a second time, you can see from the Hashtable that he is already login; you overwrite the new sessionId for user a@a.com in Hashtable anyway.

Your Hashtable looks like this now:

When the user a@a.com tries to do something using his first session (sessionIdA); your session-check/validation logic should consult the Hashtable; here it wont find sessionIdA present anymore against the user a@a.com. This clearly indicates that this is a stale session of the user and he must not be allowed to continue.
Balu Sadhasivam
Ranch Hand

Joined: Jan 01, 2009
Posts: 874


It's a pure *overhead* for programmers and servers.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6657
    
    5

Well, whenever a user logs in, store that userid/email and sessionId in a static Hashtable:


This will lead to trouble in a clustered environment.

Are you looking for a single sign on solution or do you simply want to prevent multiple logins ? What is the rationale behind including this logic in your app ?


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
James Ward
Ranch Hand

Joined: Apr 27, 2003
Posts: 263
This will lead to trouble in a clustered environment.


Good Point - we can store the session information in database OR share this static Hashtable across JVMs via Terracota etc.
Shashank Rudra
Ranch Hand

Joined: Mar 26, 2009
Posts: 131
I think the objective is similar to what you get with gmail.com. For say you open http://gmail.com in a tab in firefox. Here comes the login page asking you to input username and password. You enter them and you are logged in your email account. Now in a separate tab in firefox itself try to open http://gmail.com. This time you will no more see the login page again. As it senses that there is a user already logged in the browser - so it straightaway takes you to the email inbox page.

While logged in the gmail account if you try to open http://gmail.com in separate firefox browser window you will be taken to the email inbox page transcending the enter Username password page.

So how is this being done? May be we can intercept this multiple access scenario and send in response a page with "application has already been invoked." - message.


Programmer Analyst || J2EE web development/design
James Ward
Ranch Hand

Joined: Apr 27, 2003
Posts: 263
So how is this being done?


Cookies/Sessions are shared/available across browsers - depending on how the browser was opened.

When a Browser is opened via an existing Browser instances - via ctrl-T (new tab), ctrl-N (new instance) ; they share Sessions/Cookies.
If a Browser is opened independently, say, Start > Program Files > FireFox - it will not have access to existing cookies/sessions.

When a request reaches GMAIL, it simply checks if a valid Session/Cookie was presented to it, if yes, it shows the mails, else you go to login page.
Shashank Rudra
Ranch Hand

Joined: Mar 26, 2009
Posts: 131
The gmail is tracking its session even if you are opening a new firefox window. By clicking on the exe icon.
James Ward
Ranch Hand

Joined: Apr 27, 2003
Posts: 263
Shashank Rudra wrote:The gmail is tracking its session even if you are opening a new firefox window. By clicking on the exe icon.


Yes, just saw that. In IE it is not so.

Therefore, it is not so much as what gmail is doing; it is how browser instances are sharing cookies between themselves.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Session Problem
 
Similar Threads
Spring GWT Cookie problem in web application
Problem with session management
Spring GWT Cookie problem
tomcat session object problem
enable web access from email url link