"Mohan K. Chintala" wrote:
> hi All,
>
> I am binding the session object with the username and storing it in
> a Hashtable. I want to check whether it is the same session or not, whenever
> an user logs in. I want to check whether the same user has already Logged
> In. Its working fine with Windows NT and Servlet Exec. But Whenever i deploy
> the same application on linux(Tomcat with Appache). I am getting the Current
> Session from the Hashtable(Which is Global (Servlet-Level) Variable). Could
> any one know what the Problem could be. I look forward to an answer from
> one of our mail list friends.
>
You might want to turn your thinking inside out on how to handle this problem
:-).
Consider that the servlet container is already maintaining a Hashtable of all
the sessions, in some global static variable, for you. Therefore, keeping your
own global Hashtable is a duplication of effort.
The strategy I follow is to store a username (or some User object) as a session
attribute when the user logs on, like this:
HttpSession session = request.getSession();
String username = ... whatever the username is ...
session.setAttribute("user", username);
Now on every request, I can check very simply whether the user is logged on or
not:
HttpSession session = request.getSession();
String username = (String) request.getAttribute("user");
if (username == null) {
... the user is *not* logged on ...
} else {
... the user *is* logged on ...
}
Why does this work?
* The servlet container always gets the right session for you,
creating a new one if necessary.
* Your "login" process decided that this was an authorized
user, and put the "user" attribute there.
* If the user comes back before the session has timed out,
the "user" attribute will still be present.
* If the session has timed out, a new session will be created
by the logic above -- but the "user" attribute will be missing
(because the user has not gone through your "login" yet).
Typically, you would redirect them to the login page here.
* If you invalidate() a session -- which you should do at "logout"
time -- the next request will create a new session (just as if
the old session had timed out) and the same thing happens:
you detect that they are not logged in, and redirect them
to the login page.
>
> Regards,
> mohan..
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
