Re: [OT] [session] Shared userId
I know what you want to do. In the web environment, it is impossible. For every solution you can think of, I can come up with at least 2 what if scenarios that will invalidate your logic. I've been through this with at least 5 different Product Managers and there is just no way to handle it. Sorry if this is only discouraging news, but it is reality. Good Luck James Aravapalli, Udaya wrote: Hi I want to check if an user tries to login with an userId for which a session is already existing and show a message. This can also be applied if two users want to share the same userId and try to login at the same time. Whenever a session is being created by the user , I want to store the userId in the database using the valueBound method in HttpSessionBindingListener and remove it from the Database when the session is invalidated using the valueUnbound method. But this will not work if the user does not explicitly invalidate the session (like closing the browser).Then the session will remain active until the session time out has reached. Is there any way to determine an browser closing action by the user and invalidate the session.. thanks Uday -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [OT] [session] Shared userId
Not without using a persistent connection with an applet. HTTP is a stateless protocol, remember? -Original Message- From: Aravapalli, Udaya [mailto:[EMAIL PROTECTED]] Sent: Friday, October 04, 2002 11:46 AM Is there any way to determine an browser closing action by the user and invalidate the session? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [OT] [session] Shared userId
No - there's not a reliable way to do it. You could lower your session timeout - or simply inform your users of the consequences of not logging out. Of course, there are going to be some folks who will have Windows crash on them (!) and they might get a bit perterbed that - through no fault of their own - they have to wait for their session to expire before they can log back in. You might ... give yourself a way to get ahold of the existing session and close that session. Of course ... that could perterb some folks too :-) I suppose you could examine it before you close it and see how long it has been idle. You could then implement some policy of A session must be idle XX minutes before we can manually 'trash' it. So you'd wind up examining the session on basis of how long it has sat idle - and only drop folks that are idle for a given period of time (ex. session timeout is normally 30 minutes, but you implement an agressive timeout of 15 minutes [ or shorter, according to your view/needs ]). Aravapalli, Udaya wrote: Hi I want to check if an user tries to login with an userId for which a session is already existing and show a message. This can also be applied if two users want to share the same userId and try to login at the same time. Whenever a session is being created by the user , I want to store the userId in the database using the valueBound method in HttpSessionBindingListener and remove it from the Database when the session is invalidated using the valueUnbound method. But this will not work if the user does not explicitly invalidate the session (like closing the browser).Then the session will remain active until the session time out has reached. Is there any way to determine an browser closing action by the user and invalidate the session.. thanks Uday -- Eddie Bush -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [OT] [session] Shared userId
Yes.It's disappointing. But I am also curious if anybody knows how the BIG sites handle this issue. Mainly if the licensing is based on the number of userIds , the purpose will be defeated if the same userId is shared by many users. -Original Message- From: James Mitchell [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] ] Sent: Friday, October 04, 2002 11:15 AM To: Struts Users Mailing List Subject: Re: [OT] [session] Shared userId I know what you want to do. In the web environment, it is impossible. For every solution you can think of, I can come up with at least 2 what if scenarios that will invalidate your logic. I've been through this with at least 5 different Product Managers and there is just no way to handle it. Sorry if this is only discouraging news, but it is reality. Good Luck James Aravapalli, Udaya wrote: Hi I want to check if an user tries to login with an userId for which a session is already existing and show a message. This can also be applied if two users want to share the same userId and try to login at the same time. Whenever a session is being created by the user , I want to store the userId in the database using the valueBound method in HttpSessionBindingListener and remove it from the Database when the session is invalidated using the valueUnbound method. But this will not work if the user does not explicitly invalidate the session (like closing the browser).Then the session will remain active until the session time out has reached. Is there any way to determine an browser closing action by the user and invalidate the session.. thanks Uday -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Re: [OT] [session] Shared userId
Well, I guess you could keep multiple logins down to a single user (preventing more than 1 user to login), but trying to keep the use in one window is where things fail. If using JavaScript is out, then I suppose you could detect a user who has multiple windows, through proper use of tokens (see docs). It gets really hairy at this point, and I don't like to go down that road. Anyway, good luck with whatever you decide. Aravapalli, Udaya wrote: Yes.It's disappointing. But I am also curious if anybody knows how the BIG sites handle this issue. Mainly if the licensing is based on the number of userIds , the purpose will be defeated if the same userId is shared by many users. -- James Mitchell Software Engineer\Struts Evangelist Struts-Atlanta, the Open Minded Developer Network http://www.open-tools.org/struts-atlanta -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
