On Sunday, Oct-03-1999 16:54 PM (PDT) [EMAIL PROTECTED] (Craig R. McClanahan)
wrote:
|> Pinghua Young wrote:
|>
|> > Craig, thanks for your responses! In one of your later messages, you
|> > mentioned you have designed an admin app so that a user's session
|> > can be terminated. I wonder how you did that.
|> >
|> > Right now, what I did is:
|> >
|> > #1. Create a static hashtable (indexed by userID) in my base servlet;
|>
|> Is there a particular reason you chose a static variable instead of an instance
|variable? Statics
|> can get you in trouble if you are running more than one application in the same
|server that uses
|> the same base servlet class. If your base servlet does not implement
|SingleThreadModel, you can
|> count on there being a single instance (per application), unless you're using a
|distributed server
|> type environment (in which case static won't help you either).
No particular reason. But I do make sure I use synchronized method whenever
I am accessing the hashtable. It's all one app context right now.
|> > #2. Put the session into this hashtable when user logins;
|>
|> Because it's keyed by user id, I assume you've got a restriction that no
|simultaneous logins are
|> allowed, right?
We do allow multiple logins from same users, but I actually put the
sessions into another hashtable keyed by sessionID, and then put
this hashtable into my hashtable keyed by userID.
|> > #3. Then I can clear the user's session from my admin servlet if given a valid
|userID;
|>
|> Don't forget to clear the entry if the user's session times out, or the user
|executes your normal
|> "logout" action.
Yes, they are being cleared.
|> > The problem I have is this: if the web server gets restarted, then
|> > my hashtable will be gone, but the existing users' sessions are still
|> > active, and I can't clear them because my hashtable doesn't have
|> > their references anymore. Now even if I serialize out my hashtable
|> > to disk and read it back in when server restarts, I don't think they
|> > will contain references to the same sessions. Am I right?
|> >
|>
|> When a session stops existing is sort of a metaphysical question :-).
|>
|> If your servlet engine does not support session persistence across server restarts,
|then all
|> sessions that were active at the moment the server was restarted are no longer
|valid. The browser
|> will still pass in a session ID cookie (or a URL with an encoded session ID) for
|the old session
|> ID, but that won't be recognized as valid by the engine. Thus, saving references
|to the old
|> session objects won't do you any good. This is pretty much the same thing that
|happens when a
|> session times out -- the browser doesn't know that, so it still asks for the old
|session, but the
|> server no longer recognizes the requested ID as valid.
|>
|> If you want sessions (and presumably the user data objects stored in them) to
|survive a web server
|> restart, you need to use a servlet engine that supports this. There will also be
|restrictions on
|> the kinds of objects you can store in such a sesssion -- such as the requirement
|that they must
|> implement Serializable.
We are using ServletExec 2.1 and it does support sessions across server
restart. The problem I have is, I don't have any way to make my hashtable
persistent across server restart. All data in our sessions are
Serializable.
Without an API method to somehow get a list of active sessions, I can't
seem to be to do what I want, which is very desirable IMHO.
--Pinghua
|>
|>
|> > Thanks! --Pinghua
|> >
|>
|> Craig
|>
|> ___________________________________________________________________________
|> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
|> of the message "signoff SERVLET-INTEREST".
|>
|> Archives: http://archives.java.sun.com/archives/servlet-interest.html
|> Resources: http://java.sun.com/products/servlet/external-resources.html
|> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
