aspose file tools*
The moose likes Servlets and the fly likes maintining two sessions in same browser window Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "maintining two sessions in same browser window " Watch "maintining two sessions in same browser window " New topic
Author

maintining two sessions in same browser window

Jagdeep Sharma
Ranch Hand

Joined: May 24, 2010
Posts: 121

Guys,

I have my web application in J2EE. What i want to do is, when somebody logs in (in the same browser using different tab where other guy is already logged in) he should be able to login and other's session should be expire giving some message. Currently if somebody is already logged in and some other guys tries to log in. Login page is not shown to him instead he is taken to inside pages of already logged in user.

Please advice me on that.

Thanks in advance
Raghavan Muthu
Ranch Hand

Joined: Apr 20, 2006
Posts: 3344

Hi Jagdeep,

As far as I am concerned, this is in control of the browser. I have not come across peopel doing it manually. However, you can track with presence of existing user in session with respect to the clients IP. I think this way you can redirect the second user to the login page.


Everything has got its own deadline including one's EGO!
[CodeBarn] [Java Concepts-easily] [Corey's articles] [SCJP-SUN] [Servlet Examples] [Java Beginners FAQ] [Sun-Java Tutorials] [Java Coding Guidelines]
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336


However, you can track with presence of existing user in session with respect to the clients IP

The client's IP address is frequently likely to be the address of the proxy server they access your server through, so a range of people could have the same IP address.

The only way I can think of doing this is to add some extra variable in the request that identifies this is a different tab. If the page you served was JavaScript that redirected with some unique id which you then used to invalidate the session, that might do it. But if you decided to do this, you have to wonder why you are using the session at all? Do you often have two distinct people accessing the same application via the same browser concurrently?


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Jagdeep Sharma
Ranch Hand

Joined: May 24, 2010
Posts: 121

Paul Sturrock wrote:

However, you can track with presence of existing user in session with respect to the clients IP

The client's IP address is frequently likely to be the address of the proxy server they access your server through, so a range of people could have the same IP address.

The only way I can think of doing this is to add some extra variable in the request that identifies this is a different tab. If the page you served was JavaScript that redirected with some unique id which you then used to invalidate the session, that might do it. But if you decided to do this, you have to wonder why you are using the session at all? Do you often have two distinct people accessing the same application via the same browser concurrently?



Thanks for reply Paul and Raghavan


What i want is gmail like functionality.
1. You login on gmail with some username and password
2. Open another tab open gmail (it wont ask for login). now in this tab logout and login with different username and password.
3. No open previous tab where you already opened it. Now try to compose a mail and try to submit it. It will show you error.

I want to implement similar kind of functionality.

Thanks in advance
amit punekar
Ranch Hand

Joined: May 14, 2004
Posts: 507
Hello Jagdeep,
I think you have answered the question in your email itself.
2. Open another tab open gmail (it wont ask for login). now in this tab logout and login with different username and password.


This is not same as what you have asked in your email. You want user to log himself out manually by clicking the logout. If you also implement in the same way then in your case as well when you go back to the earlier tab you would see the login box. Of course, I presume that you have implemented the login functionality and checking the request by whichever means for user's logged in status.

Regds,
Amit
Jagdeep Sharma
Ranch Hand

Joined: May 24, 2010
Posts: 121

amit punekar wrote:Hello Jagdeep,
I think you have answered the question in your email itself.
2. Open another tab open gmail (it wont ask for login). now in this tab logout and login with different username and password.


This is not same as what you have asked in your email. You want user to log himself out manually by clicking the logout. If you also implement in the same way then in your case as well when you go back to the earlier tab you would see the login box. Of course, I presume that you have implemented the login functionality and checking the request by whichever means for user's logged in status.

Regds,
Amit




Hello Amit,

I think you misunderstood my question. Please correct me if i am wrong. Let me explain it further.

1. You login on gmail with some username and password for user X and here i can see my homepage.
2. Now Open another tab open gmail (it wont ask for login and directly takes you to the homepage). now in this tab logout(remember in previous tab homepage is still there) and login with different username and password for user Y and it takes you to the respective homepage.
3. Now open previous tab where you are homepage of user X and try to compose a mail and sent it. You will get error because user Y is already logged in.


Now suppose i am using "isLogged" session variable to track user. Then in normal scenario(forget above steps) user X will be treated as user Y as server session will find "isLogged" session variable to be true because user Y is already logged in and all the things will be working fine.

This is what i know. Please correct me if i am wrong. Advice me how to achieve my functionality.







Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Outside of a testing environment, will anyone need this functionality? Like I asked before (and I'm only asking again to save you some work) do you often have two distinct people accessing the same application via the same browser instance concurrently?

If you rely on the session alone to tell you if someone is logged in you can't do this. A browser shares sessions across all tabs (and other instances of the browser under certain conditions). So you need to add some way to identify the tab as well. This can be done (like I said) by injecting an extra variable in the request (via JavaScript). But to my mind this is quite a bit of work for a relatively odd requirement. Are you sure you need it?
Ashutosh M Kulkarni
Ranch Hand

Joined: Jun 07, 2010
Posts: 41

I am as concerned as Paul to analyze your need for such a requirement.

I admit what you are trying to do is quite a feature in itself and I guess it could earn you a few extra points if you were to submit an academic project (that's the only suitable use I see to this feature).

But, as Amit rightly pointed out, You are doing a manual logout action when in gmail. Like when you load another gmail tab and it doesn't ask you for username, the same way your app too takes the user to the inside pages of already logged in user (that's what your first post was about). Your expectations are different from your gmail scenario. In your case, if you opened a new tab, shot in the URL, it gives you the logged in user's page; and if you provide the logout feature that you can use from second tab, it will give you the login page (or error page if you made one) on the first tab.

Please verify the relativity of your need and examples, so it helps others understand the situation properly.

Thanks.


SCJP 6, next stop - OCPJWCD!
arun adad
Greenhorn

Joined: Feb 03, 2011
Posts: 3
Ashutosh 'camelCase' Kulkarni wrote:I am as concerned as Paul to analyze your need for such a requirement.

I admit what you are trying to do is quite a feature in itself and I guess it could earn you a few extra points if you were to submit an academic project (that's the only suitable use I see to this feature).

But, as Amit rightly pointed out, You are doing a manual logout action when in gmail. Like when you load another gmail tab and it doesn't ask you for username, the same way your app too takes the user to the inside pages of already logged in user (that's what your first post was about). Your expectations are different from your gmail scenario. In your case, if you opened a new tab, shot in the URL, it gives you the logged in user's page; and if you provide the logout feature that you can use from second tab, it will give you the login page (or error page if you made one) on the first tab.

Please verify the relativity of your need and examples, so it helps others understand the situation properly.

Thanks.


yes i agree your point
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: maintining two sessions in same browser window
 
Similar Threads
Validating Multiple LOgin....
logout by disabling back button
Avoid login page for already logged in user
Check if user is logged in w/out scriptlets
Restrict Login from Multiple Sessions