• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to invalidate user's session forcefully

 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I want to invalidate user's session when user log in from different remote location in web application.I have session ID and user name of particular user so when i try to use like this HttpSessionContext context=request.getSession().getSessionContext();
context.getSession(sessionID).invalidate();
this is giving null pointer.
and according to sun this method is depreciated for security reason.
so kindly is there any alternative way we have many thing like remote ip address,SessionListner,ContextListner etc.

thanks in advance....
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The best method to invalidate session or not allowing a user to have more than one session, is to create the context scoped map and store the session id and all the relevant info of user into the map. Whenever the user creates the new session just check whether the user is present in the context map or not.
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i Have do like this

HttpSession session = se.getSession();
ServletContext context = session.getServletContext();
HashMap activeUsers = (HashMap)context.getAttribute("activeUsers");
activeUsers.put(session.getId(), session);
context.setAttribute("activeUsers", activeUsers);


in sessionCreated method of sessionListner in i successsfully get the list of active user's name and there session id but when i do like that

HttpSessionContext context=request.getSession().getSessionContext();
ServletContext sc=request.getSession().getServletContext();
HashMap activeUsers = (HashMap)sc.getAttribute("activeUsers");
HttpSession session=request.getSession();
if(activeUsers.containsKey(this.sessionID)==true){
session.invalidate();
}

it will not allow and through excapetion org.apache.jasper.JasperException
so here is tricky one .so how solve here .

thank you very much .
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Use the code tag, like I use.

Vymokesha Jagwani wrote:


What is this.sessionID, don't you think you have to use session.getId()

Vymokesha Jagwani wrote:
it will not allow and through excapetion org.apache.jasper.JasperException


post the full stack trace while reporting the exception.
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
basically this.sessionId is the selected user's sessionId which is comming from jsp page ...
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Then you've to validate that session id, I mean, are you sure that id is coming from JSP is same as that of existing users and not newly created by JSP.
 
Pat Farrell
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Vymokesha Jagwani wrote:I want to invalidate user's session when user log in from different remote location in web application


Others have helped you make progress on how to do this, but I want to ask what you are trying to do, really, and why you think this is a good idea?
What do you mean, multiple logins? How about two or more windows in a Firefox or Chrome browser? How about people who run both Firefox and Chrome, which are separate applications, on the same computer? What about shared IP connections on separate computers? Can I log into your application with my desktop computer and my iPad?
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
okay i am telling you the actually scenario. my requirement is that i am administrator and multiple users login through remote locations, i want to monitor the users so i want to keep access to show me list of active users and which i have done and also access to invalidate that particular user.and this.sessionId is conformed coming from jsp.
I have also mention that i used http sessionContext's method getSession(String sessionID) but which is depreciated.
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Vymokesha Jagwani wrote:...and also access to invalidate that particular user.and this.sessionId is conformed coming from jsp.


I don't know how have you design your servlet/action, but if you're getting the id from JSP as a request param, then simply do something as follow
 
Pat Farrell
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Vymokesha Jagwani wrote:okay i am telling you the actually scenario. ....


I can't make you answer my questions, but you have not addressed them at all.

1) What do you mean, multiple logins?
2) How about two or more windows in a Firefox or Chrome browser?
3) How about people who run both Firefox and Chrome, which are separate applications, on the same computer?
4) What about shared IP connections on separate computers?
5) Can I log into your application with my desktop computer and my iPad?

I believe that any real set of requirements has to specifically decide answers to these five questions, and the many additional ones that are related.
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ofcourse it is web based application
1) multiple logins?
2) How about two or more windows in a Firefox or Chrome browser?
3) How about people who run both Firefox and Chrome, which are separate applications, on the same computer?
4) What about shared IP connections on separate computers?

where from user login and i can as admin invalidate his/her session.
 
Pat Farrell
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I give up. You have still not begun to answer the specific questions. Echoing them is not the same as answering them.
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i have told that my application behavior is like that all 4 things are there.if you still don't get than i will explain you my scenario.
 
Sagar Rohankar
Ranch Hand
Posts: 2908
1
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Vymokesha, what Pat is trying to convey is that how would you take care of different scenarios arises from, say, e.g opening two different browser, in that case, do you want to invalidate the session running on one browser and keeping it alive on second ?

Have you designed the code considering all the possible situations mentioned by Pat.
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sagar Rohankar exactly means i am admin and i have right to invalidate a particular user who has login.let supoose i am admin and two other user A and B are login from different machine now i want to kill the session of user B so just click on b and it will be logged off or redirect login page.
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
 
Pat Farrell
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Vymokesha Jagwani wrote: i am admin and i have right to invalidate a particular user....


No one is arguing that you don't have the power or right to do what you want. But you are asking in a technical help forum and not asking for technical help, and not answering the questions that are being raised in an attempt to have you detail the real requirements. I expect that you will not find the solutions that you are looking for here. You will need to hire a professional programmer to do the development that you wish.

While I can only guess at your real requirements, I expect that the professional will take a fair amount of time and effort to develop what you want, since you don't seem to be able to discuss any details of your requirements.

Best of luck to you.
 
Vymokesha Jagwani
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
dear respected Pat Farrell i have solved my problem......so thanks a lot.
 
I do some of my very best work in water. Like this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic