RE: list active sessions.
I don't see that behavior. Is there a setting in Tomcat to turn that
function on and off perhaps? None of my sessions survive a Tomcat restart,
so I've never had to deal with this.
Frank
From: Radek Liebzeit [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Wed, 23 Jun 2004 07:51:08 +0200
Really nice.
I am just wondering about one thing - about persistent sessions. I
have a session counter based on the SessionListeners. It is increased
when some session is created and decreased when the session is
destroyed. So, when I restart the Tomcat server some sessions are
recreated but counter state doesn't. Therefore, after session timeout,
the counter status is negative.
It's not problem for me, it is enough for my purposes. I am just
wondering how do you solve this behaviour?
Radek
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Monday, June 21, 2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing, so
I
feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext
object
available in the servlet spec that would allow you to do a lot of cool
things with sessions, but it was removed as of spec 2.1 I think
because
Sun
believed it to be a security risk. Unfortunately there was nothing
added
to
take it's place.
The way you have to do this, or at least one way (the only way I
found) is
to track it yourself.
First, I already had an AppConfig object that contains a static
HashMap.
This has a bunch of config values for my app loaded from a config file
at
startup. I then added an activeSessions HashMap to that class.
Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in the
activeUsers HashMap keyed by sessionID, and the record will be removed
when
the session is destroyed. Further, what I do is that when my logon
Action
is called, when the user is validated I add some information for that
user
into the HashMap (first name, last name, logon time, etc). This
allows me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just closes
the
browser window rather than using your nice logout function, the
session
lingers until the timeout period elapses. I didn't like that! My app
is
frames-based, and I already had one hidden frame, so I added the
following
to the body tag of that frame's source document:
onUnload=openLogoffPopup();
... and then the openLogoffPopup() function:
function openLogoffPopup() {
windowHandle = window.open(, ,
width=200,height=1,top=1,left=1);
str = + html + head + title + /title +
/head;
str += + body
onLoad=\window.location='%=request.getContextPath()
+ /app/logoff.app%';\;
str += + table width=\100%\ height=\100%\ border=\0\;
str += + tr + td align=\center\ valign=\middle\;
str += + span
style=\color:#00;font-family:arial;font-size:11pt;font-
weight:bold;\;
str += Logging out of application... + /span;
str += + /td + /tr;
str += + /table;
str += + /body + /html;
windowHandle.document.write(str);
windowHandle.document.close();
}
That calls the logoff Action whcih does not much more than
session.invalidate(). This works well in IE, I do not know if it is
cross-browser though (not a concern for my company). It should work
fine
to
add this to all your JSP's, assuming your app isn't frame-based, I
think
it'll work just the same. But, maybe you can live with the session
lingering if the window
RE: list active sessions.
Quoting Frank Zammetti [EMAIL PROTECTED]:
I don't see that behavior. Is there a setting in Tomcat to turn that
function on and off perhaps? None of my sessions survive a Tomcat restart,
so I've never had to deal with this.
Tomcat will dump session objects which don't implement Serializable or are
marked as such, but fail serialization for whatever reason. Make sure objects
are serializable and the counter will persist across restarts (as long as the
session hasn't already timed out).
Jake
Frank
From: Radek Liebzeit [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Wed, 23 Jun 2004 07:51:08 +0200
Really nice.
I am just wondering about one thing - about persistent sessions. I
have a session counter based on the SessionListeners. It is increased
when some session is created and decreased when the session is
destroyed. So, when I restart the Tomcat server some sessions are
recreated but counter state doesn't. Therefore, after session timeout,
the counter status is negative.
It's not problem for me, it is enough for my purposes. I am just
wondering how do you solve this behaviour?
Radek
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Monday, June 21, 2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing, so
I
feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext
object
available in the servlet spec that would allow you to do a lot of cool
things with sessions, but it was removed as of spec 2.1 I think
because
Sun
believed it to be a security risk. Unfortunately there was nothing
added
to
take it's place.
The way you have to do this, or at least one way (the only way I
found) is
to track it yourself.
First, I already had an AppConfig object that contains a static
HashMap.
This has a bunch of config values for my app loaded from a config file
at
startup. I then added an activeSessions HashMap to that class.
Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in the
activeUsers HashMap keyed by sessionID, and the record will be removed
when
the session is destroyed. Further, what I do is that when my logon
Action
is called, when the user is validated I add some information for that
user
into the HashMap (first name, last name, logon time, etc). This
allows me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just closes
the
browser window rather than using your nice logout function, the
session
lingers until the timeout period elapses. I didn't like that! My app
is
frames-based, and I already had one hidden frame, so I added the
following
to the body tag of that frame's source document:
onUnload=openLogoffPopup();
... and then the openLogoffPopup() function:
function openLogoffPopup() {
windowHandle = window.open(, ,
width=200,height=1,top=1,left=1);
str = + html + head + title + /title +
/head;
str += + body
onLoad=\window.location='%=request.getContextPath()
+ /app/logoff.app%';\;
str += + table width=\100%\ height=\100%\ border=\0\;
str += + tr + td align=\center\ valign=\middle\;
str += + span
style=\color:#00;font-family:arial;font-size:11pt;font-
weight:bold;\;
str += Logging out
RE: list active sessions.
How would the counter persist? Even assuming the sessions persist
(something I don't see, even though I know the sessions are fully
serializable), the counter as I previously described is in-memory as part of
a static class. Are you talking about modifying it to use a database? In
that case, yes, I agree the counter should then persist as well.
Frank
From: Jacob Kjome [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Wed, 23 Jun 2004 15:10:31 +
Quoting Frank Zammetti [EMAIL PROTECTED]:
I don't see that behavior. Is there a setting in Tomcat to turn that
function on and off perhaps? None of my sessions survive a Tomcat
restart,
so I've never had to deal with this.
Tomcat will dump session objects which don't implement Serializable or are
marked as such, but fail serialization for whatever reason. Make sure
objects
are serializable and the counter will persist across restarts (as long as
the
session hasn't already timed out).
Jake
Frank
From: Radek Liebzeit [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Wed, 23 Jun 2004 07:51:08 +0200
Really nice.
I am just wondering about one thing - about persistent sessions. I
have a session counter based on the SessionListeners. It is increased
when some session is created and decreased when the session is
destroyed. So, when I restart the Tomcat server some sessions are
recreated but counter state doesn't. Therefore, after session timeout,
the counter status is negative.
It's not problem for me, it is enough for my purposes. I am just
wondering how do you solve this behaviour?
Radek
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Monday, June 21, 2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing,
so
I
feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext
object
available in the servlet spec that would allow you to do a lot of
cool
things with sessions, but it was removed as of spec 2.1 I think
because
Sun
believed it to be a security risk. Unfortunately there was nothing
added
to
take it's place.
The way you have to do this, or at least one way (the only way I
found) is
to track it yourself.
First, I already had an AppConfig object that contains a static
HashMap.
This has a bunch of config values for my app loaded from a config
file
at
startup. I then added an activeSessions HashMap to that class.
Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in
the
activeUsers HashMap keyed by sessionID, and the record will be
removed
when
the session is destroyed. Further, what I do is that when my logon
Action
is called, when the user is validated I add some information for
that
user
into the HashMap (first name, last name, logon time, etc). This
allows me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just
closes
the
browser window rather than using your nice logout function, the
session
lingers until the timeout period elapses. I didn't like that! My
app
is
frames-based, and I already had one hidden frame, so I added the
following
to the body tag of that frame's source document:
onUnload=openLogoffPopup
RE: list active sessions.
Quoting Frank Zammetti [EMAIL PROTECTED]:
How would the counter persist? Even assuming the sessions persist
(something I don't see, even though I know the sessions are fully
serializable), the counter as I previously described is in-memory as part of
a static class. Are you talking about modifying it to use a database? In
that case, yes, I agree the counter should then persist as well.
The place where you are storing the counter is a static class? You mean a
static inner class? Or did you, maybe mean a static variable? You do know that
static variables are transient, right?
Sessions do persist, and if you are storing an object in the session that is
holding a non-static/non-transient counter variable and you restart the server,
and you visit the page that shows the counter and your session hasn't timed out,
then the counter value you see should reflect the last value stored before the
server restart (plus incrementing the counter, if that is what you do).
...Ok, I just re-read what you wrote previously and you are talking about
storing a count of sessions in a SessionListener. So, I guess what I've written
kind of misses the point of what you are asking. What you'd need to do is get a
handle, somehow, to Tomcat's count of sessions. All your session listner would
do is count sessions which are created while the listener is listening. Even if
you stored the value in a database, it probably wouldn't be valid because if
sessions expired between stop and start of Tomcat, I'm not sure you
SessionListener would be notified about this at startup? You'd have to
investigate that. If it is called for each session expiring, you could keep
that value in the database, initialize your SessionListener counter variable
with that value and then let the listener remove/add sessions.
Jake
Frank
From: Jacob Kjome [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Wed, 23 Jun 2004 15:10:31 +
Quoting Frank Zammetti [EMAIL PROTECTED]:
I don't see that behavior. Is there a setting in Tomcat to turn that
function on and off perhaps? None of my sessions survive a Tomcat
restart,
so I've never had to deal with this.
Tomcat will dump session objects which don't implement Serializable or are
marked as such, but fail serialization for whatever reason. Make sure
objects
are serializable and the counter will persist across restarts (as long as
the
session hasn't already timed out).
Jake
Frank
From: Radek Liebzeit [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Wed, 23 Jun 2004 07:51:08 +0200
Really nice.
I am just wondering about one thing - about persistent sessions. I
have a session counter based on the SessionListeners. It is increased
when some session is created and decreased when the session is
destroyed. So, when I restart the Tomcat server some sessions are
recreated but counter state doesn't. Therefore, after session timeout,
the counter status is negative.
It's not problem for me, it is enough for my purposes. I am just
wondering how do you solve this behaviour?
Radek
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Monday, June 21, 2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing,
so
I
feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext
object
available in the servlet spec that would allow you to do a lot of
cool
things with sessions, but it was removed as of spec 2.1 I think
because
Sun
believed it to be a security risk. Unfortunately there was nothing
added
to
take it's place.
The way you have to do this, or at least one way (the only way I
found) is
to track it yourself.
First, I already had an AppConfig object that contains a static
HashMap.
This has a bunch of config values for my app loaded from a config
file
at
startup. I then added an activeSessions HashMap to that class.
Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import
RE: list active sessions.
Really nice.
I am just wondering about one thing - about persistent sessions. I
have a session counter based on the SessionListeners. It is increased
when some session is created and decreased when the session is
destroyed. So, when I restart the Tomcat server some sessions are
recreated but counter state doesn't. Therefore, after session timeout,
the counter status is negative.
It's not problem for me, it is enough for my purposes. I am just
wondering how do you solve this behaviour?
Radek
-Original Message-
From: Frank Zammetti [mailto:[EMAIL PROTECTED]
Sent: Monday, June 21, 2004 3:45 PM
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing, so
I
feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext
object
available in the servlet spec that would allow you to do a lot of cool
things with sessions, but it was removed as of spec 2.1 I think
because
Sun
believed it to be a security risk. Unfortunately there was nothing
added
to
take it's place.
The way you have to do this, or at least one way (the only way I
found) is
to track it yourself.
First, I already had an AppConfig object that contains a static
HashMap.
This has a bunch of config values for my app loaded from a config file
at
startup. I then added an activeSessions HashMap to that class.
Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in the
activeUsers HashMap keyed by sessionID, and the record will be removed
when
the session is destroyed. Further, what I do is that when my logon
Action
is called, when the user is validated I add some information for that
user
into the HashMap (first name, last name, logon time, etc). This
allows me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just closes
the
browser window rather than using your nice logout function, the
session
lingers until the timeout period elapses. I didn't like that! My app
is
frames-based, and I already had one hidden frame, so I added the
following
to the body tag of that frame's source document:
onUnload=openLogoffPopup();
... and then the openLogoffPopup() function:
function openLogoffPopup() {
windowHandle = window.open(, ,
width=200,height=1,top=1,left=1);
str = + html + head + title + /title +
/head;
str += + body
onLoad=\window.location='%=request.getContextPath()
+ /app/logoff.app%';\;
str += + table width=\100%\ height=\100%\ border=\0\;
str += + tr + td align=\center\ valign=\middle\;
str += + span
style=\color:#00;font-family:arial;font-size:11pt;font-
weight:bold;\;
str += Logging out of application... + /span;
str += + /td + /tr;
str += + /table;
str += + /body + /html;
windowHandle.document.write(str);
windowHandle.document.close();
}
That calls the logoff Action whcih does not much more than
session.invalidate(). This works well in IE, I do not know if it is
cross-browser though (not a concern for my company). It should work
fine
to
add this to all your JSP's, assuming your app isn't frame-based, I
think
it'll work just the same. But, maybe you can live with the session
lingering if the window is closed anyway. It's probably not a big
concern
if the timeout period is short enough, but you need to recognize that
you
may see more than one session per user for a few minutes if they log
on
again.
Hope that helps!
Frank
From: Alex [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: list active
list active sessions.
Is there a way to list all sessions which are currently active for the webapp which would be calling for such a list? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: list active sessions.
I spent a couple of days last week implementing just such a thing, so I feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext object
available in the servlet spec that would allow you to do a lot of cool
things with sessions, but it was removed as of spec 2.1 I think because Sun
believed it to be a security risk. Unfortunately there was nothing added to
take it's place.
The way you have to do this, or at least one way (the only way I found) is
to track it yourself.
First, I already had an AppConfig object that contains a static HashMap.
This has a bunch of config values for my app loaded from a config file at
startup. I then added an activeSessions HashMap to that class. Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in the
activeUsers HashMap keyed by sessionID, and the record will be removed when
the session is destroyed. Further, what I do is that when my logon Action
is called, when the user is validated I add some information for that user
into the HashMap (first name, last name, logon time, etc). This allows me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just closes the
browser window rather than using your nice logout function, the session
lingers until the timeout period elapses. I didn't like that! My app is
frames-based, and I already had one hidden frame, so I added the following
to the body tag of that frame's source document:
onUnload=openLogoffPopup();
... and then the openLogoffPopup() function:
function openLogoffPopup() {
windowHandle = window.open(, , width=200,height=1,top=1,left=1);
str = + html + head + title + /title + /head;
str += + body onLoad=\window.location='%=request.getContextPath()
+ /app/logoff.app%';\;
str += + table width=\100%\ height=\100%\ border=\0\;
str += + tr + td align=\center\ valign=\middle\;
str += + span
style=\color:#00;font-family:arial;font-size:11pt;font-weight:bold;\;
str += Logging out of application... + /span;
str += + /td + /tr;
str += + /table;
str += + /body + /html;
windowHandle.document.write(str);
windowHandle.document.close();
}
That calls the logoff Action whcih does not much more than
session.invalidate(). This works well in IE, I do not know if it is
cross-browser though (not a concern for my company). It should work fine to
add this to all your JSP's, assuming your app isn't frame-based, I think
it'll work just the same. But, maybe you can live with the session
lingering if the window is closed anyway. It's probably not a big concern
if the timeout period is short enough, but you need to recognize that you
may see more than one session per user for a few minutes if they log on
again.
Hope that helps!
Frank
From: Alex [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: list active sessions.
Date: Mon, 21 Jun 2004 08:52:42 -0400 (EDT)
Is there a way to list all sessions which are currently active for the
webapp which would be calling for such a list?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: list active sessions.
How would your application cope if it were required to scale up to 250
concurrent users ?
It's an interesting approach. Currently I record limited information to a
db. All I really want is to be able to list all the active session
id's...nothing more. If it's being done already, why do it again...
On Mon, 21 Jun 2004, Frank Zammetti wrote:
Date: Mon, 21 Jun 2004 09:45:05 -0400
From: Frank Zammetti [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing, so I feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext object
available in the servlet spec that would allow you to do a lot of cool
things with sessions, but it was removed as of spec 2.1 I think because Sun
believed it to be a security risk. Unfortunately there was nothing added to
take it's place.
The way you have to do this, or at least one way (the only way I found) is
to track it yourself.
First, I already had an AppConfig object that contains a static HashMap.
This has a bunch of config values for my app loaded from a config file at
startup. I then added an activeSessions HashMap to that class. Create a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in the
activeUsers HashMap keyed by sessionID, and the record will be removed when
the session is destroyed. Further, what I do is that when my logon Action
is called, when the user is validated I add some information for that user
into the HashMap (first name, last name, logon time, etc). This allows me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just closes the
browser window rather than using your nice logout function, the session
lingers until the timeout period elapses. I didn't like that! My app is
frames-based, and I already had one hidden frame, so I added the following
to the body tag of that frame's source document:
onUnload=openLogoffPopup();
... and then the openLogoffPopup() function:
function openLogoffPopup() {
windowHandle = window.open(, , width=200,height=1,top=1,left=1);
str = + html + head + title + /title + /head;
str += + body onLoad=\window.location='%=request.getContextPath()
+ /app/logoff.app%';\;
str += + table width=\100%\ height=\100%\ border=\0\;
str += + tr + td align=\center\ valign=\middle\;
str += + span
style=\color:#00;font-family:arial;font-size:11pt;font-weight:bold;\;
str += Logging out of application... + /span;
str += + /td + /tr;
str += + /table;
str += + /body + /html;
windowHandle.document.write(str);
windowHandle.document.close();
}
That calls the logoff Action whcih does not much more than
session.invalidate(). This works well in IE, I do not know if it is
cross-browser though (not a concern for my company). It should work fine to
add this to all your JSP's, assuming your app isn't frame-based, I think
it'll work just the same. But, maybe you can live with the session
lingering if the window is closed anyway. It's probably not a big concern
if the timeout period is short enough, but you need to recognize that you
may see more than one session per user for a few minutes if they log on
again.
Hope that helps!
Frank
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: list active sessions.
Well, never having tried it, I don't know for sure :)
But, since we're only talking about a pretty small static object in memory,
I assume that would be better-performing than writing out to a database
(although obviously you have no persistence, but I don't think that's a
problem when talking about sessions). And although there is a critical
section involved, since it's only during logon and not every request, I
don't imagine it's a significant problem. If your just recording the
session ID and not the extra info I do later on, I suspect it would scale
just fine.
The one problem I can see is if your talking about a distributed
environment. Maybe in that case writing out to a database is a better idea.
Certainly it's trivial to do that from the listener. You avoid the
critical section then, so maybe the trade-off between that and the extra hit
of the database access makes it a wash. If you kept it in-memory, it might
even be OK because the AppConfig class should be serializable, so
theoretically it should be able to get replicated, but I certainly wouldn't
go that route, I'd write it to a database and not deal with any potential
synchronization issues at all. That means you probably want to write a
Struts plug-in, or something else to run at startup, to clear out the
database, but that's also not a big deal.
So, while I don't know for sure that it will scale to 250 users, I can't see
any real problem with it doing so, certainly if it's a single server I'd see
it's probably fine as-is, a cluster might require going to a database
instead.
Frank
From: Alex [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: RE: list active sessions.
Date: Mon, 21 Jun 2004 09:31:33 -0400 (EDT)
How would your application cope if it were required to scale up to 250
concurrent users ?
It's an interesting approach. Currently I record limited information to a
db. All I really want is to be able to list all the active session
id's...nothing more. If it's being done already, why do it again...
On Mon, 21 Jun 2004, Frank Zammetti wrote:
Date: Mon, 21 Jun 2004 09:45:05 -0400
From: Frank Zammetti [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: list active sessions.
I spent a couple of days last week implementing just such a thing, so I
feel
qualified to answer :)
There is no easy way to do it. There USED to be a SessionContext object
available in the servlet spec that would allow you to do a lot of cool
things with sessions, but it was removed as of spec 2.1 I think because
Sun
believed it to be a security risk. Unfortunately there was nothing
added to
take it's place.
The way you have to do this, or at least one way (the only way I found)
is
to track it yourself.
First, I already had an AppConfig object that contains a static HashMap.
This has a bunch of config values for my app loaded from a config file
at
startup. I then added an activeSessions HashMap to that class. Create
a
similar class for yourself, along the lines of the following:
import java.util.HashMap;
public class AppConfig {
private static HashMap activeUsers = null;
public static HashMap activeUsers() {
return activeUsers;
}
public static void setActiveUsers(HashMap inActiveUsers) {
activeUsers = inActiveUsers;
}
}
Then, create a SessionListener something like the following:
package com.mycompany.myapp;
import java.util.HashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
public class SessionListener implements HttpSessionListener {
public void sessionCreated(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (activeUsers) {
activeUsers.put(se.getSession().getId(), new HashMap());
}
}
public void sessionDestroyed(HttpSessionEvent se) {
HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
synchronized (appConfig) {
activeUsers.remove(se.getSession().getId());
}
}
}
Then just add the following to web.xml after your servlet section:
listener
listener-classcom.mycompany.myapp.SessionListener/listener-class
/listener
Basically, every time a session is created, you'll get an entry in the
activeUsers HashMap keyed by sessionID, and the record will be removed
when
the session is destroyed. Further, what I do is that when my logon
Action
is called, when the user is validated I add some information for that
user
into the HashMap (first name, last name, logon time, etc). This allows
me
to have a pretty nice little tracking display in my app.
The one problem you run into with this is that if the user just closes
the
browser window rather than using your nice logout function, the session
lingers until the timeout period elapses. I didn't like
