There is one problem with this approach. Load balancing/clustering.
If you have a HashMap in one tomcat JVM, how does that information get
propogated to other JVM's possibly on other machines?
Thank you by the way for all the inputs so far
On 10/6/05, Leon Rosenberg <[EMAIL PROTECTED]> wrot
On 10/6/05, Tobias Meyer <[EMAIL PROTECTED]> wrote:
> The problem is AFAIK, that you cannot access the list of all sessions
> through the servlet-api.
> That feature was in the servlet-api at some time, but was removed, IIRC due
> to security issues.
>
> If you have a list of all sessions, you can
:20
> > An: Tomcat Users List
> > Betreff: Re: custom session manager
> >
> >
> > On 10/6/05, Tobias Meyer <[EMAIL PROTECTED]> wrote:
> > >
> > > Or, cou could add a static hashmap to your Servlet (or a
> > bean if using JSPs)
> >
On 10/6/05, Tobias Meyer <[EMAIL PROTECTED]> wrote:
>
> Or, cou could add a static hashmap to your Servlet (or a bean if using JSPs)
> where you simply add the sessions with every request. You would have to put
> an attribute implementing javax.servlet.http.HttpSessionActivationListener
> in each s
On 10/6/05, Mark <[EMAIL PROTECTED]> wrote:
> basically, I want to prevent users from logging in and creating a
> second session if a valid session for that user already exists.
>
> For instance.
>
> 1. Log in to my web app, session is created
> 2. browse around in my web app
> 3. close browser, do
> From: Mark [mailto:[EMAIL PROTECTED]
> Subject: Re: custom session manager
>
> basically, I want to prevent users from logging in and creating a
> second session if a valid session for that user already exists.
Why? Some strange security issue? Resource consumption? An a
basically, I want to prevent users from logging in and creating a
second session if a valid session for that user already exists.
For instance.
1. Log in to my web app, session is created
2. browse around in my web app
3. close browser, do not logout
4. Start browser up again
5. try and log in
6.
I have never seen that the getRemoteUser method you are referring to
returned something userful, or just something other then null. Taken
in account different browsers, proxies, internet-cafes... I don't
think it's possible.
On the other hand, why do you need that? As a matter of security this
will
This is about 90% of what I want. One of the features I want to put
into my session manager is the ability to only have one open session
per user. What I would like is to have a createSession method that
takes in user and host. This way I could be relatively sure that the
user could only have on
check this out:
http://www.niallp.pwp.blueyonder.co.uk/TomcatBug36541.html
The link itself handles a bug, but one of the solutions is to replace
the std. manager with custom manager with all info you need to
actually do this. I thin kthis fits your question.
regards
leon
On 9/29/05, Mark <[EMAI
10 matches
Mail list logo