Re: custom session manager

2005-10-06 Thread Leon Rosenberg
On 10/6/05, Tobias Meyer [EMAIL PROTECTED] wrote: Or, you could add a static hashmap to your Servlet (or a bean if using JSPs) where you simply add the sessions with every request. You would have to put an attribute implementing javax.servlet.http.HttpSessionActivationListener in each session

Re: custom session manager

2005-10-06 Thread Leon Rosenberg
Subject: Re: custom session manager On 10/6/05, Tobias Meyer [EMAIL PROTECTED] wrote: Or, you could add a static hashmap to your Servlet (or a bean if using JSPs) where you simply add the sessions with every request. You would have to put an attribute implementing

Re: custom session manager

2005-10-06 Thread Leon Rosenberg
On 10/6/05, Tobias Meyer [EMAIL PROTECTED] wrote: The problem is AFAIK, that you cannot access the list of all sessions through the servlet-api. That feature was in the servlet-api at some time, but was removed, IIRC due to security issues. If you have a list of all sessions, you can easily

Re: custom session manager

2005-10-06 Thread Mark
There is one problem with this approach. Load balancing/clustering. If you have a HashMap in one tomcat JVM, how does that information get propagated to other JVMs possibly on other machines? Thank you by the way for all the inputs so far. On 10/6/05, Leon Rosenberg [EMAIL PROTECTED]

Re: custom session manager

2005-10-05 Thread Mark
This is about 90% of what I want. One of the features I want to put into my session manager is the ability to only have one open session per user. What I would like is to have a createSession method that takes in user and host. This way I could be relatively sure that the user could only have

Re: custom session manager

2005-10-05 Thread Leon Rosenberg
I have never seen that the getRemoteUser method you are referring to returned something useful, or just something other than null. Taking into account different browsers, proxies, internet-cafes... I don't think it's possible. On the other hand, why do you need that? As a matter of security this

Re: custom session manager

2005-10-05 Thread Mark
basically, I want to prevent users from logging in and creating a second session if a valid session for that user already exists. For instance. 1. Log in to my web app, session is created 2. browse around in my web app 3. close browser, do not logout 4. Start browser up again 5. try and log in

RE: custom session manager

2005-10-05 Thread Caldarale, Charles R
From: Mark [mailto:[EMAIL PROTECTED] Subject: Re: custom session manager basically, I want to prevent users from logging in and creating a second session if a valid session for that user already exists. Why? Some strange security issue? Resource consumption? An anti-DoS measure

Re: custom session manager

2005-10-05 Thread Leon Rosenberg
On 10/6/05, Mark [EMAIL PROTECTED] wrote: basically, I want to prevent users from logging in and creating a second session if a valid session for that user already exists. For instance. 1. Log in to my web app, session is created 2. browse around in my web app 3. close browser, do not

Re: custom session manager

2005-09-29 Thread Leon Rosenberg
check this out: http://www.niallp.pwp.blueyonder.co.uk/TomcatBug36541.html The link itself handles a bug, but one of the solutions is to replace the std. manager with custom manager with all info you need to actually do this. I think this fits your question. regards leon On 9/29/05, Mark