Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

how to forcefully log out in admin module?

 
shyam ji gautam
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all



i am making an application in which admin can forcefully log out the online user .
because only one user can login only one time by using same id and password

so my database design is like this table name:user maintenance
colunm name is
userid: flag : logintime :logouttime

algorithms for this is like
1) by default flag is 'y' so when user going to login check it is set to 'y' or when it is log out it will set to 'N'
2)after session time out to set flag i am using listener which set the flag automatically 'Y' after session time out
3) so for me online user = select * from usermaintenance where flag = 'N' which will be seen to admin

but my doubt is that some user directly close the browser and go , so he actually not online but he will be count as online because flag for them is still set to 'N'

SO My concern is that how any java/j2ee approach we can differentiate between real online and such user which can close the browser

thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64606
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You'll need to rely upon the session timeout.
 
olivier dutranoit
Ranch Hand
Posts: 81
IBM DB2 Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Question...

How can you know in the HttpSessionListener that a session has timed out?
answer : sessionDestroyed is called...

But...

How can you know that USER A his session is timed out?
When sessionDestroyed is called...the only thing you can retreive, i think, is the session id? right?
the session data is gone.

So, on sessionDestroyed , you don't know who's session is destroyd...

or am i wrong?
 
Paul Clapham
Sheriff
Posts: 20711
29
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64606
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
olivier dutranoit wrote:the only thing you can retreive, i think, is the session id? right?

Not right.

Unless you are using a very old version of a servlet container.
 
Ove Lindström
Ranch Hand
Posts: 326
Android Firefox Browser Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:
olivier dutranoit wrote:the only thing you can retreive, i think, is the session id? right?

Not right.

Unless you are using a very old version of a servlet container.


And if you are you have two choices.

1. Upgrade.
2. Store user information with the session id in a persistent storage so that you can look it up.
 
shyam ji gautam
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:You'll need to rely upon the session timeout.



thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online


so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks
 
shyam ji gautam
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.






thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online


so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64606
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In either case, set the value to 'N'. Problem solved.
 
shyam ji gautam
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:In either case, set the value to 'N'. Problem solved.



no , N for online and after closing browser how i can set the value in data base by using code

thanks
 
shyam ji gautam
Ranch Hand
Posts: 49
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Clapham wrote:Not quite right... you get an HttpSessionEvent, from which you can get a reference to the actual HttpSession which has just been destroyed.

And if your application was written to store, say, a User object in that session so that you can tell whose session it was, then you could certainly get a reference to that User object.

However that isn't particularly useful by itself. If the session contained resources which needed to be cleaned up, then this would be the time to do it. However the idea that this would be the time to tell the user that his session had expired is a misguided one, since there isn't any practical way to do that. Not to mention that the user very likely doesn't care anyway.



thanks , but my question is that by using session listener we can
set the flag 'Y' for user A
a)which session is expired by session destroy method ok
b)but what will be happen for those who directly close the browser before session time out and go to outside

so for such type of user flag is always set to be 'N' means they are online but in actual situation they are not online


so how we differentiate such type of user from actual online user like B who follow all rule(don,t close the browser)

thanks
 
Paul Clapham
Sheriff
Posts: 20711
29
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't really understand any of that. It sounds to me like you are trying to make your users follow a rule which says they must log out from your system before they close their browser.

If so, then don't do that. Give them a logout button, sure, but don't make it a rule that they must log out. There's no point in doing that because (a) people won't always bother with it, and (b) sometimes it's impossible because the web connection went down.

If you need to keep track of what users are online, then a user goes offline when they log out or when their session expires. Are you trying to do something other than that? Because you're wasting your time if you are.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic