RE: Not Logged in with the same loggin-password if it is already registered.
-Original Message- From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 12:04 PM To: [EMAIL PROTECTED] Subject: Not Logged in with the same loggin-password if it is already registered. Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? It's not an easy solution, however you keep track of whose logged in (database is normal), when you log them in check that. Then you need to inactivate the session.. which means keeping a list of all active sessions where you can get at it, so you can invalidate the existing session. I don't think there is any way to get a session from the sessionId built in to either struts or the JSP/Servlet spec.. it's something you'll have to yourself. A hashtable, using the sessionId in applicatio scope would do the trick. -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
It may not be as easy as the current session (for the new login) and the session that
you want to invalidate are different objects.
The main issue would be how to get a reference to all active sessions via some session
id. Apache Axis, for example, keeps track of them with a list of ActiveSessions.
Ivan Vasquez
(Compatriota :-)
-Original Message-
From: Geeta Ramani [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 4:05 PM
To: Struts Users Mailing List
Subject: RE: Not Logged in with the same loggin-password if it is already registered.
Ricardo:
Not sure where you are having problems..? Why wouldn't something like this
(pseudocode) work?
if (isLoggedIn(user)) {
session.invalidate();
}
//now proceed normally with login with un/pw...
Regards,
Geeta
-Original Message-
From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 3:04 PM
To: [EMAIL PROTECTED]
Subject: Not Logged in with the same loggin-password if it is already
registered.
Hello Guys
I need not to let users to login in my app simultaneosly.
I mean if a login-password is actually logged in, i need to
invalidatye that session and then let the new login-password
to work in, after invalidating the old session.
Any ideas? and of course any examples?
--
Ricardo Andrés Quintero R.
Ubiquando Ltda.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
Geeta,
I read Ricardo's message differently in that the new login would come from
another machine, so the session wouldn't be shared and invalidated as you
wrote below. ough, technically, it (the session) could be shared across
computers if cookies were turned off and they had the same jsessionid (at
least in Tomcat 4 5).
Regards,
David
-Original Message-
From: Geeta Ramani [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 4:05 PM
To: Struts Users Mailing List
Subject: RE: Not Logged in with the same loggin-password if it is
already registered.
Ricardo:
Not sure where you are having problems..? Why wouldn't something like this
(pseudocode) work?
if (isLoggedIn(user)) {
session.invalidate();
}
//now proceed normally with login with un/pw...
Regards,
Geeta
-Original Message-
From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 3:04 PM
To: [EMAIL PROTECTED]
Subject: Not Logged in with the same loggin-password if it is already
registered.
Hello Guys
I need not to let users to login in my app simultaneosly.
I mean if a login-password is actually logged in, i need to
invalidatye that session and then let the new login-password
to work in, after invalidating the old session.
Any ideas? and of course any examples?
--
Ricardo Andrés Quintero R.
Ubiquando Ltda.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
Ricardo, I can't think of any easy way to do that strictly within JAAS, but you didn't write if you were using JAAS. If you are using an Account object (of some sort) in the Session context, here is an idea for you: Have an application-scope object containing a map of usernames (or id numbers). The object returned is a reference to the Account object in that user's session. If you login a second time, reset the stored Account object to a blank user and/or blank id number so no actions will work with that ID number, then put the newly logged-in users's Account object in the map instead. You could design your own RequestProcessor.processRoles() method to see if the Application context as an Account object for that user with a blank user or blank id number then kick out a message explaining that the account has been logged off due to a login from another location or for another session. That would provide a more polite explanation of why the user was logged out, rather than him/her simply losing their session for unknown reasons. If you're using JAAS, this could work in conjunction with it depending on how you code it. Regards, David -Original Message- From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 3:04 PM To: [EMAIL PROTECTED] Subject: Not Logged in with the same loggin-password if it is already registered. Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
yes you are right and I just realised that in fact.. ok never mind. i really need to
go home
-Original Message-
From: David Friedman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 4:28 PM
To: Struts Users Mailing List
Subject: RE: Not Logged in with the same loggin-password if it is
already registered.
Geeta,
I read Ricardo's message differently in that the new login
would come from
another machine, so the session wouldn't be shared and
invalidated as you
wrote below. ough, technically, it (the session) could be
shared across
computers if cookies were turned off and they had the same
jsessionid (at
least in Tomcat 4 5).
Regards,
David
-Original Message-
From: Geeta Ramani [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 4:05 PM
To: Struts Users Mailing List
Subject: RE: Not Logged in with the same loggin-password if it is
already registered.
Ricardo:
Not sure where you are having problems..? Why wouldn't
something like this
(pseudocode) work?
if (isLoggedIn(user)) {
session.invalidate();
}
//now proceed normally with login with un/pw...
Regards,
Geeta
-Original Message-
From: Ricardo Andres Quintero [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 3:04 PM
To: [EMAIL PROTECTED]
Subject: Not Logged in with the same loggin-password if it
is already
registered.
Hello Guys
I need not to let users to login in my app simultaneosly.
I mean if a login-password is actually logged in, i need to
invalidatye that session and then let the new login-password
to work in, after invalidating the old session.
Any ideas? and of course any examples?
--
Ricardo Andrés Quintero R.
Ubiquando Ltda.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
-Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 1:25 PM To: Struts Users Mailing List Subject: RE: Not Logged in with the same loggin-password if it is already registered. Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) Yeah, you'd have to use a session listener to get the sessio out of the hashtable. -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
How do you handle the situation where the user closes the browser without logging out (the windows X is not always our friend ;) ). I am not familiar with the SessionListener. Would it help in some way? Robert [EMAIL PROTECTED] 7/28/2004 3:25:16 PM Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Not Logged in with the same loggin-password if it is already registered.
AFAIK session timeout is the only notification you can get here. There are undoubtedly some wacky things we can do with javascript - reduce the session timeout to a small value and include some javascript polling in every page or something along those lines, but at the end of the day it comes down to a timeout. The session listener will be called for any session created / destroyed as soon as the container is aware itself. Brett Robert Miller wrote: How do you handle the situation where the user closes the browser without logging out (the windows X is not always our friend ;) ). I am not familiar with the SessionListener. Would it help in some way? Robert [EMAIL PROTECTED] 7/28/2004 3:25:16 PM Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
ps. But if you know what's good for you you will stay right away from javascript.. -Original Message- From: Brett Connor [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:47 PM To: Struts Users Mailing List Subject: Re: Not Logged in with the same loggin-password if it is already registered. AFAIK session timeout is the only notification you can get here. There are undoubtedly some wacky things we can do with javascript - reduce the session timeout to a small value and include some javascript polling in every page or something along those lines, but at the end of the day it comes down to a timeout. The session listener will be called for any session created / destroyed as soon as the container is aware itself. Brett Robert Miller wrote: How do you handle the situation where the user closes the browser without logging out (the windows X is not always our friend ;) ). I am not familiar with the SessionListener. Would it help in some way? Robert [EMAIL PROTECTED] 7/28/2004 3:25:16 PM Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Not Logged in with the same loggin-password if it is already registered.
HTTP is a connectionless protocol, effectively a stateless protocol. Although 1.1 added some fancy bits like keepalive I believe these are more for performance than connection / lifecycle support, although I expect others here may well know more about this than I do. If you close the browser, or it decides to trash itself, or windows decides to trash itself, the server is usually the last one to know. But rest assured, when it does, session listener will be the next one to know :-) Geeta Ramani wrote: Yes but wont the container know when a user closes his/her window? Are you saying this isn't something that a container will be notified about..?/ ..hmm... maybe not... ok, Robert scratch my earlier note..(like I said i ought to go home..) -Original Message- From: Brett Connor [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:47 PM To: Struts Users Mailing List Subject: Re: Not Logged in with the same loggin-password if it is already registered. AFAIK session timeout is the only notification you can get here. There are undoubtedly some wacky things we can do with javascript - reduce the session timeout to a small value and include some javascript polling in every page or something along those lines, but at the end of the day it comes down to a timeout. The session listener will be called for any session created / destroyed as soon as the container is aware itself. Brett Robert Miller wrote: How do you handle the situation where the user closes the browser without logging out (the windows X is not always our friend ;) ). I am not familiar with the SessionListener. Would it help in some way? Robert [EMAIL PROTECTED] 7/28/2004 3:25:16 PM Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
Absolutely.. and yes, i did note your use of that appropriate adjective..:) Something happens to me though when I see the word javascript and I can't help myself..;) -Original Message- From: Brett Connor [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:59 PM To: Struts Users Mailing List Subject: Re: Not Logged in with the same loggin-password if it is already registered. Agreed, you did spot the phrase wacky in there, yes? Javascript can be very useful, in moderation. I've rarely used it, not proficient in it (yet), and have to have a darn good reason before I go there, kind of a last resort. Geeta Ramani wrote: ps. But if you know what's good for you you will stay right away from javascript.. -Original Message- From: Brett Connor [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:47 PM To: Struts Users Mailing List Subject: Re: Not Logged in with the same loggin-password if it is already registered. AFAIK session timeout is the only notification you can get here. There are undoubtedly some wacky things we can do with javascript - reduce the session timeout to a small value and include some javascript polling in every page or something along those lines, but at the end of the day it comes down to a timeout. The session listener will be called for any session created / destroyed as soon as the container is aware itself. Brett Robert Miller wrote: How do you handle the situation where the user closes the browser without logging out (the windows X is not always our friend ;) ). I am not familiar with the SessionListener. Would it help in some way? Robert [EMAIL PROTECTED] 7/28/2004 3:25:16 PM Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Not Logged in with the same loggin-password if it is already registered.
So are you saying that you have tomcat handling both html and jsp's? Unfortunately I don't have that luxury in our environment. Apache serves html, Resin serves jsps. Brian -Original Message- From: Jim Barrows [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:00 PM To: Struts Users Mailing List Subject: RE: Not Logged in with the same loggin-password if it is already registered. -Original Message- From: McClung, Brian [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 1:57 PM To: 'Struts Users Mailing List' Subject: RE: Not Logged in with the same loggin-password if it is already registered. This topic brings up a question that I have oftened wondered about. How does everyone handle sign on and static content where there is no jsp page? Include a jsp in the html? Set up a cookie? The problem to the cookie is that they can be blocked or the html code to verify the cookie has to be javascript which can be circumvented by being turned off. I have lots of content (html), but very few jsp pages. The HttpSessionListner seems like it might work, but then I am still taking my static page and including dynamic content. Any thoughts? Apache + Tomcat I think... I just use Tomcat for everything, with OSCache (when I have my druthers). Then in your web.xml set up your security for your static pages... -Original Message- From: Geeta Ramani [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 3:40 PM To: Struts Users Mailing List; Struts Users Mailing List Subject: RE: Not Logged in with the same loggin-password if it is already registered. Yes but wont the container know when a user closes his/her window? Are you saying this isn't something that a container will be notified about..?/ ..hmm... maybe not... ok, Robert scratch my earlier note..(like I said i ought to go home..) -Original Message- From: Brett Connor [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:47 PM To: Struts Users Mailing List Subject: Re: Not Logged in with the same loggin-password if it is already registered. AFAIK session timeout is the only notification you can get here. There are undoubtedly some wacky things we can do with javascript - reduce the session timeout to a small value and include some javascript polling in every page or something along those lines, but at the end of the day it comes down to a timeout. The session listener will be called for any session created / destroyed as soon as the container is aware itself. Brett Robert Miller wrote: How do you handle the situation where the user closes the browser without logging out (the windows X is not always our friend ;) ). I am not familiar with the SessionListener. Would it help in some way? Robert [EMAIL PROTECTED] 7/28/2004 3:25:16 PM Exactly! Or use HttpSessionlistener and database solution (that jim outlined) simultaneously.. (We are doing almost this except as a solution to a kind of opposite problem - when a user logs off we need to do soem work so.. this seems to work nicely) -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Siggelkow Sent: Wednesday, July 28, 2004 4:28 PM To: [EMAIL PROTECTED] Subject: Re: Not Logged in with the same loggin-password if it is already registered. Maybe you could have a hashtable in the ServletContext that maps loginId to HttpSession -- then use a HttpSessionListener to listen for session creation -- when the session is created look for a value in the hashmap in the servlet context -- if it is there then invalidate the mapped session. Then add (put) the new mapping into the hashatable. Ricardo Andres Quintero wrote: Hello Guys I need not to let users to login in my app simultaneosly. I mean if a login-password is actually logged in, i need to invalidatye that session and then let the new login-password to work in, after invalidating the old session. Any ideas? and of course any examples? -- Ricardo Andrés Quintero R. Ubiquando Ltda. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
