I have two web application running on tomcat which are deployed on two different machines. One of my application is a parent and other is a child. I login to my parent application and hitting a link on one of the pages of parent application i sends a browser request to my child application that open's one of its page in a separate browser window. In this scenario i would want both of my application to share the same timeout value and should behave like one complete application.
Scenarious to handle:
1. If i logout from my parent app, my child app should also get logout
2. If i close parent window, parent should get logout along with child
3. If i close child window, child should get logout and parent should remain logged in
4. If both the window are closed, both parent and child should get logout
1.Set parent session time out to some value..say 30mins
2.Create a REST service on parent..let's say "parentisAlive()"
3.Create a REST service on child..let's say "childisAlive()"
4.Create session listeners on parent and child
5.Each of the session listeners would invoke its respective REST service
6.REST service would talk to each other based on its own application's sessionID
7.Parent would presist(memory/DB) child's sessionID and vice versa
8.Respective applications session listener would get activated when each of its timeout value reaches a specific value..say 20mins
9.Session listeners would invoke respective REST service that will be responsible to synch each others session time out value
can anyone please suggest if this would be a good solution to implement session synchronization, does anyone see any flaw in this?
Another possible solution that comes to my mind is cookie based. As my both application run on same domain, my parent application can drop a cookie with possible session properties when the child app is launched, which ever app (parent/child) is busy will update the cookie with its session properties and which ever app(parent/child) is idle will read the cookie to get the session idle time.
I had came across scenario in one of our project where I considered the database centric approach with some Ajax help.
1. Create a DB table to store user's lasttime stamp for both of the application in two separate rows.
2. Create a business logic java class to decide action based on your scenarios.
3. Delete the db table information when user logged off or session expires for parent app.
The db centric information is pretty good for maintainence and debugging point of view. The REST based approach might give you the similar solution but it would be bit difficult to design test cases around it and also cumbersome approach for debugging point of view.
The harder I work, the luckier I get. -Sam Goldwyn So tiny. - this ad:
Free, earth friendly heat - from the CodeRanch trailboss