Hi Rick,

Rick Reumann wrote:

David G. Friedman wrote the following on 7/27/2005 12:35 AM:

When a session is created, have the SessionListener update a session count. If the count is 2 or more then call SessionEvent.getSession().invalidate() to cancel the session. Then the session listener's Session destroy method can decrement the counter appropriately. And once the main session is removed (via logout or timeout) it would set the session count back to zero so someone new could log in to the webapp. But it sounds like Rick found some issues with that kind of approach where it doesn't match that simple kind of logic.


I tried something like the above but there was a problem. The problem was that the Session destroy method that decrements the counter gets called whenever session.invalidate() is called, so say the first person logs in... the static counter goes to "1." Now another person tries to log in and the session listener sees that it's "1" so it calls invalidate. Now you just set it back to 0 so another follow-up session will think it's ok to log in when it isn't.

You can try something like this:

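import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class SessionListener implements HttpSessionListener {

   // Number of live sessions; guarded by the SessionListener.class lock.
   public static int sessionCount = 0;
   public static final int MAX_SESSIONS = 2;

   public void sessionCreated(HttpSessionEvent sevent) {
      synchronized (SessionListener.class) {
         // Always count the new session; if it is over the limit, only mark it
         // so the filter can invalidate it on its first request.
         if (++sessionCount > MAX_SESSIONS) {
            sevent.getSession().setAttribute(Constants.INVALIDATE, Boolean.TRUE);
         }
      }
   }

   public void sessionDestroyed(HttpSessionEvent sevent) {
      synchronized (SessionListener.class) {
         // Runs for every destroyed session, including the marked ones.
         --sessionCount;
      }
   }
}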

In your filter:

...
// Do not check the redirect target and the logout page themselves.
if (! (path.contains("appInUse.jsp") || path.contains("logout.jsp")) ) {

   HttpSession session = request.getSession();

   // The listener marked this session as over the limit.
   if (session.getAttribute(Constants.INVALIDATE) != null) {
      session.invalidate();
      response.sendRedirect(request.getContextPath() + "/appInUse.jsp");
      return;
   }
}
...

I tried a few basic tests and it seems to work.


Regards,
Tamas
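
The counter behaviour discussed in this thread, as an added example that is not part of the original messages: a plain-Java model (no servlet API) comparing a listener that rejects without counting against the count-then-flag listener above. The class and method names are hypothetical, MAX_SESSIONS = 1 is an assumption matching the single-user scenario, and RejectInListener is one reading of the failing attempt described earlier.

```java
import java.util.ArrayList;
import java.util.List;

// Plain-Java model of the two listener strategies discussed in this thread.
// create()/destroy() stand in for sessionCreated()/sessionDestroyed().
public class SessionLimitModel {
    static final int MAX_SESSIONS = 1; // assumed: only one user may be logged in

    interface Strategy { boolean create(); void destroy(); }

    // Failing variant: the rejected session is never counted, yet destroy still decrements.
    static class RejectInListener implements Strategy {
        int count = 0;
        public boolean create() {
            if (count >= MAX_SESSIONS) { destroy(); return false; } // invalidate() fires destroy
            count++;
            return true;
        }
        public void destroy() { count--; }
    }

    // Count-then-flag variant: every session is counted, so the decrement is balanced.
    static class FlagThenInvalidate implements Strategy {
        int count = 0;
        public boolean create() {
            boolean flagged = ++count > MAX_SESSIONS;
            if (flagged) { destroy(); } // models the filter invalidating on the first request
            return !flagged;
        }
        public void destroy() { count--; }
    }

    // Returns which of three consecutive login attempts were admitted
    // while the first session stays active.
    static List<Boolean> threeLogins(Strategy s) {
        List<Boolean> admitted = new ArrayList<>();
        for (int i = 0; i < 3; i++) { admitted.add(s.create()); }
        return admitted;
    }

    public static void main(String[] args) {
        System.out.println("reject-in-listener:   " + threeLogins(new RejectInListener()));
        System.out.println("flag-then-invalidate: " + threeLogins(new FlagThenInvalidate()));
    }
}
```

In the first variant the third attempt is admitted while the first session is still live, because the rejected second session decremented a counter it never incremented.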



