File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes how to forcefully log out in admin module? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "how to forcefully log out in admin module?" Watch "how to forcefully log out in admin module?" New topic
Author

how to forcefully log out in admin module?

shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 48
Dear all



i am making an application in which admin can forcefully log out the online user .
because only one user can login only one time by using same id and password

so my database design is like this table name:user maintenance
colunm name is
userid: flag : logintime :logouttime

algorithms for this is like
1) by default flag is 'y' so when user going to login check it is set to 'y' or when it is log out it will set to 'N'
2)after session time out to set flag i am using listener which set the flag automatically 'Y' after session time out
3) so for me online user = select * from usermaintenance where flag = 'N' which will be seen to admin

but my doubt is that some user directly close the browser and go , so he actually not online but he will be count as online because flag for them is still set to 'N'

SO My concern is that how any java/j2ee approach we can differentiate between real online and such user which can close the browser

thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60992
    
  65

You'll need to rely upon the session timeout.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
olivier dutranoit
Ranch Hand

Joined: Aug 20, 2011
Posts: 81

Question...

How can you know in the HttpSessionListener that a session has timed out?
answer : sessionDestroyed is called...

But...

How can you know that USER A his session is timed out?
When sessionDestroyed is called...the only thing you can retreive, i think, is the session id? right?
the session data is gone.

So, on sessionDestroyed , you don't know who's session is destroyd...

or am i wrong?
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60992
    
  65

olivier dutranoit wrote:the only thing you can retreive, i think, is the session id? right?

Not right.

Unless you are using a very old version of a servlet container.
Ove Lindström
Ranch Hand

Joined: Mar 10, 2008
Posts: 326

Bear Bibeault wrote:
olivier dutranoit wrote:the only thing you can retreive, i think, is the session id? right?

Not right.

Unless you are using a very old version of a servlet container.


And if you are you have two choices.

1. Upgrade.
2. Store user information with the session id in a persistent storage so that you can look it up.
shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 48
Bear Bibeault wrote:You'll need to rely upon the session timeout.



thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online


so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks
shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 48
Paul Clapham wrote:Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.






thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online


so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60992
    
  65

In either case, set the value to 'N'. Problem solved.
shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 48
Bear Bibeault wrote:In either case, set the value to 'N'. Problem solved.



no , N for online and after closing browser how i can set the value in data base by using code

thanks
shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 48
Paul Clapham wrote:Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.



thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online


so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

I don't really understand any of that. It sounds to me like you are trying to make your users follow a rule which says they must log out from your system before they close their browser.

If so, then don't do that. Give them a logout button, sure, but don't make it a rule that they must log out. There's no point in doing that because (a) people won't always bother with it, and (b) sometimes it's impossible because the web connection went down.

If you need to keep track of what users are online, then a user goes offline when they log out or when their session expires. Are you trying to do something other than that? Because you're wasting your time if you are.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how to forcefully log out in admin module?