Re: session ids

2001-08-20 Thread Guus Holshuijsen

You can retrieve the current user's session id from the
HttpSessionBindingEvent e using e.getSession().getId(). Use this value to
look up an entry in your hashtable and remove it.
The HttpSessionBindingEvent is generated when the session is invalidated
(valueUnbound()) or created (valueBound()).

For more details read the Java doc on HttpSessionBindingEvent. Make sure
your class maintaining the hashtable implements the
javax.servlet.http.HttpSessionBindingListener interface.

Regards,
Guus

- Original Message -
From: Rakesh [EMAIL PROTECTED]
To: Jon Crater [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Sunday, August 19, 2001 12:01
Subject: Re: session ids


 do u have an example


  Rakesh Ayilliath

 [EMAIL PROTECTED]

 - Original Message -
 From: Jon Crater [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, August 16, 2001 10:27 PM
 Subject: Re: session ids


  rakesh--
 
  you can solve this problem by having the class responsible for managing the
  hashtable of session ids implement HttpSessionBindingListener.  fill out the
  valueBound(HttpSessionBindingEvent event) and
  valueUnbound(HttpSessionBindingEvent event) methods so that the appropriate
  session id is added/removed when the hashtable manager is unbound from the
  session.
 
  jon
 
 
  Original Message Follows
  From: Rakesh [EMAIL PROTECTED]
  Reply-To: Rakesh [EMAIL PROTECTED]
  To: [EMAIL PROTECTED], [EMAIL PROTECTED]
  Subject: Re: session ids
  Date: Thu, 16 Aug 2001 22:12:50 +0530
 
  Hi Greg,
 
  I know that this sessioncontext api is currently deprecated.
  I require this for a very specific reason. When I log-in a user,
  I save his loginID and the sessionId in a static hash table.
 
  and when he is logged out, I remove it. Each time someone tries
  to log-in, I check in to the hash to see if he is already logged in and
  display appropriate error messages to him.
 
  When he logs out by clicking on a logout.do, I remove his
  loginID from the hash and invalidate his session. Now what happens; if
  he just closes the browser window, or if his session is timed out ?
  How do I remove his name from the Hash ?
 
  Kindly help.
 
Rakesh Ayilliath
  [EMAIL PROTECTED]
 
 
 
  - Original Message -
 From: Greg Maletic
 To: [EMAIL PROTECTED] ; Rakesh
 Sent: Thursday, August 16, 2001 9:54 PM
 Subject: RE: session ids
 
 
 I don't believe you can get all valid sessionIDs from the server.  I
 think the API for doing so was deprecated a while back for security
 reasons.  The way I've solved this in the past was to have each session
 register itself into an application-scoped hashmap, and maintain that map
 myself.
 
 --Greg
 
 
  -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh
 Sent: Thursday, August 16, 2001 12:28 AM
 To: [EMAIL PROTECTED]
 Subject: session ids
 
 
   Hi ,
 
   Is there anyway I can get all valid session ids from the server ?
 
 
Rakesh Ayilliath
   (Software Engineer)
 
   Synergy IT Innovations Pvt Ltd,
   #196, 1st Floor, 9th Cross,
   HMT Layout, RT Nagar
   Bangalore 560032
 
   [EMAIL PROTECTED]
 
 
  _
  Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp
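
An added example, not code from any poster in this thread, of the approach described above: an object stored in each logged-in session implements HttpSessionBindingListener, and its valueUnbound() removes the user's entry when the session is invalidated or times out. The class name LoginTracker, the attribute name and the login()/logout() helpers are hypothetical; the javax.servlet API is assumed to be on the classpath.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

/** Hypothetical tracker: one instance is stored in each logged-in user's session. */
public final class LoginTracker implements HttpSessionBindingListener {

    // loginID -> id of the session that currently owns that login
    private static final ConcurrentMap<String, String> ACTIVE =
            new ConcurrentHashMap<String, String>();

    // Session attribute name (an assumption made for this example)
    private static final String ATTR = "loginTracker";

    private final String loginId;

    private LoginTracker(String loginId) {
        this.loginId = loginId;
    }

    /**
     * Call after the credentials have been verified. Returns false when the
     * loginID is already held by a different live session.
     */
    public static boolean login(HttpSession session, String loginId) {
        // putIfAbsent makes "check, then register" one atomic step, so two
        // simultaneous logins for the same user cannot both succeed.
        String owner = ACTIVE.putIfAbsent(loginId, session.getId());
        if (owner != null) {
            // Same session logging in again: keep the existing tracker bound,
            // because re-binding would fire valueUnbound() on the old one.
            return owner.equals(session.getId());
        }
        try {
            session.setAttribute(ATTR, new LoginTracker(loginId)); // fires valueBound()
        } catch (IllegalStateException alreadyInvalidated) {
            // The session died between the check and the bind: undo the entry.
            ACTIVE.remove(loginId, session.getId());
            return false;
        }
        return true;
    }

    /** Explicit logout: invalidating the session unbinds its attributes. */
    public static void logout(HttpSession session) {
        session.invalidate(); // container calls valueUnbound() below
    }

    public static boolean isLoggedIn(String loginId) {
        return ACTIVE.containsKey(loginId);
    }

    public void valueBound(HttpSessionBindingEvent e) {
        // The entry was already written atomically in login(); nothing to do.
    }

    public void valueUnbound(HttpSessionBindingEvent e) {
        // Called on invalidate() and on timeout (a closed browser window ends
        // up here once the session expires). Remove the entry only if this
        // session still owns it, so a later login elsewhere is not wiped out.
        ACTIVE.remove(loginId, e.getSession().getId());
    }
}
```

A closed browser is only noticed when the session times out, so the session timeout configured for the web application bounds how long a stale entry can block a new login.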
 
 





Re: session ids

2001-08-19 Thread Rakesh

do u have an example


 Rakesh Ayilliath

[EMAIL PROTECTED]

- Original Message -
From: Jon Crater [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 16, 2001 10:27 PM
Subject: Re: session ids


 rakesh--

 you can solve this problem by having the class responsible for managing the
 hashtable of session ids implement HttpSessionBindingListener.  fill out the
 valueBound(HttpSessionBindingEvent event) and
 valueUnbound(HttpSessionBindingEvent event) methods so that the appropriate
 session id is added/removed when the hashtable manager is unbound from the
 session.

 jon


 Original Message Follows
 From: Rakesh [EMAIL PROTECTED]
 Reply-To: Rakesh [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: session ids
 Date: Thu, 16 Aug 2001 22:12:50 +0530

 Hi Greg,

 I know that this sessioncontext api is currently deprecated.
 I require this for a very specific reason. When I log-in a user,
 I save his loginID and the sessionId in a static hash table.

 and when he is logged out, I remove it. Each time someone tries
 to log-in, I check in to the hash to see if he is already logged in and
 display appropriate error messages to him.

 When he logs out by clicking on a logout.do, I remove his
 loginID from the hash and invalidate his session. Now what happens; if
 he just closes the browser window, or if his session is timed out ?
 How do I remove his name from the Hash ?

 Kindly help.

   Rakesh Ayilliath
 [EMAIL PROTECTED]



 - Original Message -
From: Greg Maletic
To: [EMAIL PROTECTED] ; Rakesh
Sent: Thursday, August 16, 2001 9:54 PM
Subject: RE: session ids


I don't believe you can get all valid sessionIDs from the server.  I
think the API for doing so was deprecated a while back for security
reasons.  The way I've solved this in the past was to have each session
register itself into an application-scoped hashmap, and maintain that map
myself.

--Greg


 -Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh
Sent: Thursday, August 16, 2001 12:28 AM
To: [EMAIL PROTECTED]
Subject: session ids


  Hi ,

  Is there anyway I can get all valid session ids from the server ?


   Rakesh Ayilliath
  (Software Engineer)

  Synergy IT Innovations Pvt Ltd,
  #196, 1st Floor, 9th Cross,
  HMT Layout, RT Nagar
  Bangalore 560032

  [EMAIL PROTECTED]







RE: session ids

2001-08-16 Thread Greg Maletic



I don't believe you can get all valid sessionIDs from the server. I
think the API for doing so was deprecated a while back for security
reasons. The way I've solved this in the past was to have each
session register itself into an application-scoped hashmap, and maintain
that map myself.

--Greg

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh
Sent: Thursday, August 16, 2001 12:28 AM
To: [EMAIL PROTECTED]
Subject: session ids

  Hi ,
  
  Is there anyway I can get all valid session ids 
  from the server ?
  
  
  Rakesh Ayilliath
  (Software Engineer)

  Synergy IT Innovations Pvt Ltd,
  #196, 1st Floor, 9th Cross,
  HMT Layout, RT Nagar
  Bangalore 560032
  
  [EMAIL PROTECTED]


Re: session ids

2001-08-16 Thread Rakesh




Hi Greg,

I know that this sessioncontext api is currently deprecated.
I require this for a very specific reason. When I log-in a user,
I save his loginID and the sessionId in a static hash table.

and when he is logged out, I remove it. Each time someone tries
to log-in, I check in to the hash to see if he is already logged in and
display appropriate error messages to him.

When he logs out by clicking on a logout.do, I remove his
loginID from the hash and invalidate his session. Now what happens; if
he just closes the browser window, or if his session is timed out ?
How do I remove his name from the Hash ?

Kindly help.

Rakesh Ayilliath
[EMAIL PROTECTED]



- Original Message - 

  From: Greg Maletic
  To: [EMAIL PROTECTED] ; Rakesh
  Sent: Thursday, August 16, 2001 9:54 PM
  Subject: RE: session ids

  I don't believe you can get all valid sessionIDs from the server. I
  think the API for doing so was deprecated a while back for security
  reasons. The way I've solved this in the past was to have each
  session register itself into an application-scoped hashmap, and maintain
  that map myself.

  --Greg

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh
  Sent: Thursday, August 16, 2001 12:28 AM
  To: [EMAIL PROTECTED]
  Subject: session ids
  
Hi ,

Is there anyway I can get all valid session ids 
from the server ?


Rakesh Ayilliath
(Software Engineer)

Synergy IT Innovations Pvt Ltd,
#196, 1st Floor, 9th Cross,
HMT Layout, RT Nagar
Bangalore 560032

[EMAIL PROTECTED]


Re: session ids

2001-08-16 Thread Jon Crater

rakesh--

you can solve this problem by having the class responsible for managing the 
hashtable of session ids implement HttpSessionBindingListener.  fill out the 
valueBound(HttpSessionBindingEvent event) and 
valueUnbound(HttpSessionBindingEvent event) methods so that the appropriate 
session id is added/removed when the hashtable manager is unbound from the 
session.

jon


Original Message Follows
From: Rakesh [EMAIL PROTECTED]
Reply-To: Rakesh [EMAIL PROTECTED]
To: [EMAIL PROTECTED],   [EMAIL PROTECTED]
Subject: Re: session ids
Date: Thu, 16 Aug 2001 22:12:50 +0530

Hi Greg,

I know that this sessioncontext api is currently deprecated.
I require this for a very specific reason. When I log-in a user,
I save his loginID and the sessionId in a static hash table.

and when he is logged out, I remove it. Each time someone tries
to log-in, I check in to the hash to see if he is already logged in and
display appropriate error messages to him.

When he logs out by clicking on a logout.do, I remove his
loginID from the hash and invalidate his session. Now what happens; if
he just closes the browser window, or if his session is timed out ?
How do I remove his name from the Hash ?

Kindly help.

  Rakesh Ayilliath
[EMAIL PROTECTED]



- Original Message -
   From: Greg Maletic
   To: [EMAIL PROTECTED] ; Rakesh
   Sent: Thursday, August 16, 2001 9:54 PM
   Subject: RE: session ids


   I don't believe you can get all valid sessionIDs from the server.  I 
think the API for doing so was deprecated a while back for security reasons. 
  The way I've solved this in the past was to have each session register 
itself into a application-scoped hashmap, and maintain that map myself.

   --Greg


-Original Message-
   From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED]]On 
Behalf Of Rakesh
   Sent: Thursday, August 16, 2001 12:28 AM
   To: [EMAIL PROTECTED]
   Subject: session ids


 Hi ,

 Is there anyway I can get all valid session ids from the server ?


  Rakesh Ayilliath
 (Software Engineer)

 Synergy IT Innovations Pvt Ltd,
 #196, 1st Floor, 9th Cross,
 HMT Layout, RT Nagar
 Bangalore 560032

 [EMAIL PROTECTED]






RE: session ids

2001-08-16 Thread Greg Maletic



You need whatever class that maintains the hash (maybe the hash itself) to implement
the HttpSessionBindingListener. You then need to store the listener as an
attribute to each session that registers with you. When the session dies,
it will notify your object, and it will tell you which session it was associated
with.


  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh
  Sent: Thursday, August 16, 2001 9:43 AM
  To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Subject: Re: session ids
  
  Hi Greg,
  
  I know that this sessioncontext api is currently deprecated.
  I require this for a very specific reason. When I log-in a user,
  I save his loginID and the sessionId in a static hash table.

  and when he is logged out, I remove it. Each time someone tries
  to log-in, I check in to the hash to see if he is already logged in and
  display appropriate error messages to him.

  When he logs out by clicking on a logout.do, I remove his
  loginID from the hash and invalidate his session. Now what happens; if
  he just closes the browser window, or if his session is timed out ?
  How do I remove his name from the Hash ?
  
  Kindly help.
  
  Rakesh Ayilliath
  [EMAIL PROTECTED]
  
  
  
  - Original Message - 
  
From: Greg Maletic
To: [EMAIL PROTECTED] ; Rakesh
Sent: Thursday, August 16, 2001 9:54 PM
Subject: RE: session ids

I don't believe you can get all valid sessionIDs from the
server. I think the API for doing so was deprecated a while back
for security reasons. The way I've solved this in the past
was to have each session register itself into an application-scoped hashmap,
and maintain that map myself.

--Greg

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rakesh
Sent: Thursday, August 16, 2001 12:28 AM
To: [EMAIL PROTECTED]
Subject: session ids

  Hi ,
  
  Is there anyway I can get all valid session 
  ids from the server ?
  
  
  Rakesh Ayilliath
  (Software Engineer)

  Synergy IT Innovations Pvt Ltd,
  #196, 1st Floor, 9th Cross,
  HMT Layout, RT Nagar
  Bangalore 560032
  
  [EMAIL PROTECTED]


Re: session ids cont...

2001-02-01 Thread Maya Muchnik

In [EMAIL PROTECTED] this issue was discussed (why and when
IE supports different sessionID, and Netscape - not). The main thing is,
Netscape is reading any cookies from one file, IE - from different files.

Peter Alfors wrote:

 I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
 browser session.  However, both Netscape 4.7 and Netscape 6 return the
 same Id.

 I don't think that URL-rewriting will help in this situation.  If I
 understand URL-rewriting correctly, all that is happening is that the
 session id is being tacked on the end of the request URL.

 Has anyone else run into this problem (and hopefully come up with a
 solution?)

 One alternative is to generate my own session object with a unique Id
 the first time the user makes a request.  Then the action controller
 could manage the sessions, while the pages use URL-rewriting to notify
 the action controller which session to use.

 I don't particularly care for this solution, so I am hoping that I am
 over-looking something simple.  :)

 Pete




Re: session ids cont...

2001-02-01 Thread Steven D. Wilkinson

 
 In [EMAIL PROTECTED] this issue was discussed (why and when
 IE supports different sessionID, and Netscape - not). The main thing is,
 Netscape is reading any cookies from one file, IE - from different files.

Do you have a reference to said article?  If not how about the subject and date?
Hum... IE and Netscape sharing the same id?  I never thought they could.  I
guess I already realized that they store cookies in different files.  Is that
what was being asked?  

Steve



Re: session ids cont...

2001-02-01 Thread Jannik Nørgaard Steen

I have just tested our web application prototype on Netscape 4.7 and there
are no problems
with URL-rewriting and jsessionid's.
The servlet container (Resin 1.1.5) picks the right sessions for the right
clients.

We use a mix of hardcoded with dynamic jsessionid insertion, Struts
html:link and Javascript generated links on our pages and it works fine.



The following principles were used:

- Hardcoded links: <a href='http://host/execute/action;jsessionid=<%=session.getId()%>'>Text</a>

- Struts: well it does it by itself.

- JavaScript: call a function with parameter jsessionid obtained from session
object and use it to build link. Example:

 function openInfoWin(host, oid, sessionID)
 {
  // jsessionid is a path parameter: it follows the path after ';' and precedes '?'
  var hostURL = "http://"+host+";jsessionid="+sessionID+"?oid="+oid;
  window.open(hostURL, "InfoWin", "scrollbars=no, resizable=yes, width=600, height=800");
 }


We always put the jsessionid right after the URL since it is a path
parameter and *not* a request parameter.
Remember to use semicolon as divider or else it will not be picked up.

Could you provide an example of your nonworking JSP or Java code ?

- Original Message -
From: "Peter Alfors" [EMAIL PROTECTED]
To: "struts-user" [EMAIL PROTECTED]
Sent: Thursday, February 01, 2001 5:12 PM
Subject: session ids cont...


 I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
 browser session.  However, both Netscape 4.7 and Netscape 6 return the
 same Id.

 I don't think that URL-rewriting will help in this situation.  If I
 understand URL-rewriting correctly, all that is happening is that the
 session id is being tacked on the end of the request URL.

 Has anyone else run into this problem (and hopefully come up with a
 solution?)

 One alternative is to generate my own session object with a unique Id
 the first time the user makes a request.  Then the action controller
 could manage the sessions, while the pages use URL-rewriting to notify
 the action controller which session to use.

 I don't particularly care for this solution, so I am hoping that I am
 over-looking something simple.  :)

 Pete





Re: session ids cont...

2001-02-01 Thread Steven D. Wilkinson

Peter,
 I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
 browser session.  However, both Netscape 4.7 and Netscape 6 return the
 same Id.

What do you mean by simultaneous browser sessions.  If you create a new window
CTL+N in IE5.0 you get the same id. (Is this simultaneous?) 

I thought that both netscape and IE generate new id's if you launch the browser
from the desktop.  I also thought both netscape and IE use the same id's if you
create a new window from an existing window.  

I use IE5.0 for my testing and this is that way it works, at least with the
build from 01-28-2001.  I can create a new browser window from the current one
and both have the same jsessionid.  

I'm using Tomcat4.0-m5 for my testing.  I don't know what you are using.

Are you using the html:link for all of your links?  And are you using
html:action for all of your actions?  I found that if you don't you will have
a problem.  It's either all or nothing.  If it's nothing you're on your own.  At
least that has been my experience.  

Steve



Re: session ids cont...

2001-02-01 Thread Maya Muchnik

It was posted as a Subject : "what starts session?", Date: Wed, 24 Jan 2001
16:07:49 -0800 (PST) and  responses were followed.


"Steven D. Wilkinson" wrote:

 
  In [EMAIL PROTECTED] this issue was discussed (why and when
  IE supports different sessionID, and Netscape - not). The main thing is,
  Netscape is reading any cookies from one file, IE - from different files.

 Do you have a reference to said article?  If not how about the subject and date?
 Hum... IE and Netscape sharing the same id?  I never thought they could.  I
 guess I already realized that they store cookies in different files.  Is that
 what was being asked?

 Steve




Re: session ids cont...

2001-02-01 Thread Peter Alfors



"Steven D. Wilkinson" wrote:

 Peter,
  I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
  browser session.  However, both Netscape 4.7 and Netscape 6 return the
  same Id.


 What do you mean by simultaneous browser sessions.  If you create a new window
 CTL+N in IE5.0 you get the same id. (Is this simultaneous?)

If I start Netscape 4.7 from my desktop (2 instances of it) and go to the same page
in my webapp.  I can printout the session id on the screen.  Both browser instances
will have the same session id.
However, two instances of IE 5.0 will have different IDs.  (this is what I want).



 I thought that both netscape and IE generate new id's if you launch the browser
 from the desktop.  I also thought both netscape and IE use the same id's if you
 create a new window from an existing window.


I haven't tried creating a new window from either netscape or IE.  But if this will
cause both windows to have the same session, then this is something I need to
handle also.


 I use IE5.0 for my testing and this is that way it works, at least with the
 build from 01-28-2001.  I can create a new browser window from the current one
 and both have the same jsessionid.


I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing.


 I'm using Tomcat4.0-m5 for my testing.  I don't know what you are using.


I am using Tomcat 3.2


 Are you using the html:link for all of your links?  And are you using
 html:action for all of your actions?  I found that if you don't you will have
 a problem.  It's either all or nothing.  If it's nothing you're on your own.  At
 least that has been my experience.


Right now I am NOT encoding my links.  However, if my assumptions are correct...
Encoding the links will not help me.  Encoding adds the session id as a query
string to the links.  If the two windows have the same session, then the links (in
each window) will still use the same session.


 Steve

Here is the problem I am running across.   I use beans that store information
pertaining to a specific record in the database.  When a user selects an item from
a list, the bean is populated and placed in the session.  I put it in the session
because subsequent pages require this beans information as well.  However, if the
user has two browser windows running, sharing a session, it is possible for the
user to update the data for the bean in one window, and then retrieve incorrect
information in the other window.

It is very probable that a user will want to have multiple browsers running so that
he/she can compare data.

I hope you can all follow that.  I don't think that I described it very well.






RE: session ids cont...

2001-02-01 Thread Kramer, Gary






I had similar problems. You need to turn off the use of Cookies on your server (in Tomcat this setting is in server.xml). When the user opens 2 browsers, they will always have different session ids in both IE and Netscape since the first URL they will use will not have a session id included. 

If you open a new browser from another such as via JavaScript window.open(), you need to make sure the URL is NOT encoded with the session id. This will cause the server to start a new session. Unfortunately, all the Struts tags dealing with URLs (Form, Link, etc.) always encode, so you can't use them when creating the new URL.

Gary




-Original Message-
From: Peter Alfors
To: [EMAIL PROTECTED]
Sent: 2/1/01 2:28 PM
Subject: Re: session ids cont...




Steven D. Wilkinson wrote:


 Peter,
  I.E. 5.0 and 5.5 generate unique session ids for each simultaneous
  browser session. However, both Netscape 4.7 and Netscape 6 return
the
  same Id.



 What do you mean by simultaneous browser sessions. If you create a
new window
 CTL+N in IE5.0 you get the same id. (Is this simultaneous?)


If I start Netscape 4.7 from my desktop (2 instances of it) and go to
the same page
in my webapp. I can printout the session id on the screen. Both
browser instances
will have the same session id.
However, two instances of IE 5.0 will have different IDs. (this is what
I want).




 I thought that both netscape and IE generate new id's if you launch
the browser
 from the desktop. I also thought both netscape and IE use the same
id's if you
 create a new window from an existing window.



I haven't tried creating a new window from either netscape or IE. But
if this will
cause both windows to have the same session, then this is something I
need to
handle also.



 I use IE5.0 for my testing and this is that way it works, at least
with the
 build from 01-28-2001. I can create a new browser window from the
current one
 and both have the same jsessionid.



I am using IE 5.0 & 5.5 and Netscape 4.7 & 6 for testing.



 I'm using Tomcat4.0-m5 for my testing. I don't know what you are
using.



I am using Tomcat 3.2



 Are you using the html:link for all of your links? And are you
using
 html:action for all of your actions? I found that if you don't you
will have
 a problem. It's either all or nothing. If it's nothing you're on your
own. At
 least that has been my experience.



Right now I am NOT encoding my links. However, if my assumptions are
correct...
Encoding the links will not help me. Encoding adds the session id as a
query
string to the links. If the two windows have the same session, then the
links (in
each window) will still use the same session.



 Steve


Here is the problem I am running across. I use beans that store
information
pertaining to a specific record in the database. When a user selects an
item from
a list, the bean is populated and placed in the session. I put it in
the session
because subsequent pages require this beans information as well.
However, if the
user has two browser windows running, sharing a session, it is possible
for the
user to update the data for the bean in one window, and then retrieve
incorrect
information in the other window.


It is very probable that a user will want to have multiple browsers
running so that
he/she can compare data.


I hope you can all follow that. I don't think that I described it very
well.







Re: session ids cont...

2001-02-01 Thread Craig R. McClanahan

Peter Alfors wrote:

 "Kramer, Gary" wrote:

 
 
 
  I had similar problems.  You need to turn off the use of Cookies on
  your server (in Tomcat this setting is in server.xml).   When the user
  opens 2 browsers, they will always have different session ids in both
  IE and Netscape since the first URL they will use will not have a
  session id included.
 

 How do I turn off the use of cookies in the server.xml?  I only see one
 location where cookies are mentioned.
 <!-- Request processing -->
 <!-- Session interceptor will extract the session id from cookies and
      deal with URL rewriting ( by fixing the URL )
   -->
 <RequestInterceptor
     className="org.apache.tomcat.request.SessionInterceptor" />

 Do I comment out this section?


For Tomcat 3.2.1 there is a noCookies attribute on this entry that defaults
to "false".  You need to set it to "true":

<RequestInterceptor
    className="org.apache.tomcat.request.SessionInterceptor"
    noCookies="true"/>

NOTE:  Using URL rewriting does *not* catch every case of multiple windows
sharing session ids.  Consider that the user can right-click on a hyperlink
(containing the session id) and select "Open in New Window".  Because the
hyperlink being clicked had a session id in it already, the new window will
still be part of the old session -- so your app logic needs to be ready to
deal with this.

Craig McClanahan