william conley

Greenhorn
since Oct 10, 2012

Recent posts by william conley

That was an excellent discussion.

We'll see how the security is implemented and see if we can insert a preliminary check that can session.invalidate() at the appropriate moment based on existing user level (I'm not sure how they presently store the user class information, but it is available) and time-since-last (which we may or may not have to store manually in the session).

Also, this is a major client and they will want a lot of work in this system (or a full replacement in PHP which I don't see happening).

Any "logout" code would have to be executed in the session destruction listener method.

We will certainly test this and implement a logout command if need be.
9 years ago
Thank you. In essence what I'm getting here is: store access time in the session and compare to it when each page is requested. Require a sign-in if the limit is reached based on my calculations as opposed to whether there is still a session. The existing application relies solely on the existence of the session (an expired session causes a sign-in request at present).

Now I have to find out how the existing application is handling the sign-in / expiration and override it.

Be patient with me, I have to twist my brain into JSP and I have not even begun to do so. I'm still in PHP mode (and have to go back there now and finish another application before I can look at this). I do appreciate the push.
9 years ago
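
As an added example (not code from the post or from the application being discussed), one way to implement the check described above is a servlet filter that stores a last-seen timestamp in the session and compares it with a per-class idle limit on every request. The attribute names, the `admin` role value, the limits and the login path are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: per-class idle timeout enforced on every request. */
public class RoleIdleTimeoutFilter implements Filter {
    // Assumed names; adapt to how the application stores the user class.
    static final String ROLE_ATTR = "userClass";
    static final String LAST_SEEN_ATTR = "lastSeenMillis";
    static final String LOGIN_PATH = "/login.jsp";

    /** Idle limit per user class (assumed values): admins 60 min, others 10 min. */
    static long idleLimitMillis(String role) {
        return "admin".equals(role) ? 60 * 60_000L : 10 * 60_000L;
    }

    /** Pure decision, kept separate so it can be unit tested without a container. */
    static boolean isExpired(Long lastSeen, long now, long limit) {
        return lastSeen != null && now - lastSeen > limit;
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session here
        if (session != null && session.getAttribute(ROLE_ATTR) != null) {
            long now = System.currentTimeMillis();
            String role = (String) session.getAttribute(ROLE_ATTR);
            Long lastSeen = (Long) session.getAttribute(LAST_SEEN_ATTR);
            if (isExpired(lastSeen, now, idleLimitMillis(role))) {
                session.invalidate(); // drops all session state, forcing a new sign-in
                res.sendRedirect(req.getContextPath() + LOGIN_PATH);
                return;
            }
            // Record this request as the latest activity for the next comparison.
            session.setAttribute(LAST_SEEN_ATTR, Long.valueOf(now));
        }
        chain.doFilter(rq, rs);
    }
}
```

The container's own session timeout has to be at least as long as the longest limit here, otherwise the session expires before the filter's check matters. The Servlet API also offers `HttpSession.setMaxInactiveInterval(int seconds)`, which sets the container's idle timeout for a single session and can be called at sign-in once the user class is known.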
Very general, but the concept must also apply to those already on the page. If they walk away from their machines, their session will expire automatically. But I need that to happen at a different rate for different people, based on Class (administrators - higher expiration time).

So it's not just about "entry", but about the expiration of the session at any location. Obviously this is already handled by the session system that's built in. I can easily increase this for everyone ... but I need it to be class based and on all pages not just the entry page.

At this point I am personally a bit of a beginner in the Tomcat arena, but I am quite adept at PHP and see the parallels. I just don't know how to "kill" a session manually ... and then of course I'll need to add a utility to track "last usage" (unless there's a method to query the session to get last usage already) and then I can use the last usage to "kill" regular user sessions early (while allowing administrator sessions to survive to the end of the regularly scheduled session).

But all of this is Greek to me in Servlet Land. LOL
9 years ago
Sounds like a good idea and a "Best Practice".

Now: How do I force a re-login?

I'm a PHP person ... not so much a Servlet JSP person ..., but I need to work this out in an existing .jsp application and need a reference point to start from.
9 years ago
Is it possible to expire a Session (require re-authentication) for different users based on the "class" of user ... or failing that manually terminate a session for a user who has had no activity in XX minutes?
9 years ago