----- Original Message -----
From: "MartinOShea" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Monday, July 28, 2008 10:15 AM
Subject: Programmatically detecting login or logout events
Hello
I'm trying to find a way to detect the events caused when a user logs into
or logs out of an application I'm working on. I want to record these
events
so that I know the exact steps a user has taken through the application's
JSPs and servlets. I want to do this without reference to the Apache
Tomcat
server logs as well.
I have tried the following code in index.jsp (which is serving as each
user's home page):
<% if (request.getParameter("logoff") != null) {
session.invalidate();
response.sendRedirect("/myDataSharer/jsp/user/index.jsp");
return;
} %>
And I have tried using variations like:
<% if (request.getParameter("logon") == true) {
But without success.
I have used request.getRemoteUser() at various points in the application
to
identify the current user when they are authenticated by Apache Tomcat.
However, request.getRemoteUser() does not tell me when the user logged in
or off.
Does anyone know a way that the login and logout events can be recorded by
an event in a program, a session object and so on?
Martin the problem is that even when you invalidat the session... the
browser itself still knows that the user is cool...
So TC will send it a new session ID and it will return the info without even
asking the user to logon as such...
Even when a user opens a new page in the browser... it knows they "still"
cool
Until the browser is closed they logged on ;)
And there is no direct "the browser is gone event"... browsers are stateless
yada yada
if request.getRemoteUser() has the users name... they on... you dont know
when they off
but you can track the user... either you have that in every page and if you
get a name you record time page url...
or you can stick that in a filter... which sits in front of all your pages,
so you dont have to doctor every page on a site...
You know when they in... you dont know when they gone..
Some security systems do have the ability to timeout dormant browsers... ie
the user has left it open and left their desk, but TC I dont think can do
that without addon tools.
request.getRemoteUser() in a filter will do what you need I think... you
can track em... but you dont know when they having lunch ;)
Good Luck
---------------------------------------------------------------------------
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---------------------------------------------------------------------------
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
