any ideas about handle user's relogin using interceptor?
Hi: In our application,if user logined in one browser or computer,then he/she login in another brower/computer,the first login information should be removed. For example. User login in computer A,then he did not logout and then login in computer B,then if he back to computer A do some Authorization required operation,then he should be informed for relogin in computer A, of course,the login information in computer B should be removed now. It seems that the Interceptor can be used here,since the Interceptor's scope is method(just my own understand),but I have no idea how to remove the old login information. Any ideas?
Re: any ideas about handle user's relogin using interceptor?
The problem will be: (1)How to save the information about who is logged in from which session. and (2)How to check this information before every action execution For problem 1, if you only have one app server, you can save this information in global variable, if you need support multi app servers, you can save it into DB. The data structure should like MapUserID, SessionID (in global variable) or TABLE (UserID VARCHAR, SessionID VARCHAR) (in DB) For problem 2, you are right, Interceptor will be a good choice. I think the whole architecture should likes: (1)After user login, save the logged in status into global variable or DB, and into current session. (2)Before every action execution, extract logged in user id from current session, and then check the global variable or DB, see if this user is logged in from the same session. If the same user is logged in from some session else, this means he/she has re-logged in from somewhere else, so you can remove the logged in status from current session, and then force the user login again. For example: (1)UserA, logged in from ComputerA. Let's say the session is SessionA. So in SessionA, the logged in user ID will be UserA. And in the global variable or DB, UserA will be marked logged in from SessionA (2)When the same user login from ComputerB. Let's say SessionB. In SessionB, the logged in user ID will be UserA. And in the global variable or DB, the logged in status of UserA will be overwritten by logged in from SessionB (3)Request any page again from ComputerA. The Interceptor can extract the logged in user id (which will be UserA) from current Session (which will be SessionA). And extract the logged in status from global variable or DB, which will be logged in from SessionB, and different from current session. So the Interceptor can say, UserA has re-logged in from some where else. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Thanks,your answer can not be detailed more. :) only a little confused. Map attibutes = ActionContext.getContext().getSession() I can get the session this manner,but it seems that it is a Map,not a HttpSession,so what is the id? I have debug the session yet,and I found there is a property in the Map: struts.troken,is this unique can be used as the session id? 2010/12/2 Li Ying liying.cn.2...@gmail.com The problem will be: (1)How to save the information about who is logged in from which session. and (2)How to check this information before every action execution For problem 1, if you only have one app server, you can save this information in global variable, if you need support multi app servers, you can save it into DB. The data structure should like MapUserID, SessionID (in global variable) or TABLE (UserID VARCHAR, SessionID VARCHAR) (in DB) For problem 2, you are right, Interceptor will be a good choice. I think the whole architecture should likes: (1)After user login, save the logged in status into global variable or DB, and into current session. (2)Before every action execution, extract logged in user id from current session, and then check the global variable or DB, see if this user is logged in from the same session. If the same user is logged in from some session else, this means he/she has re-logged in from somewhere else, so you can remove the logged in status from current session, and then force the user login again. For example: (1)UserA, logged in from ComputerA. Let's say the session is SessionA. So in SessionA, the logged in user ID will be UserA. And in the global variable or DB, UserA will be marked logged in from SessionA (2)When the same user login from ComputerB. Let's say SessionB. In SessionB, the logged in user ID will be UserA. And in the global variable or DB, the logged in status of UserA will be overwritten by logged in from SessionB (3)Request any page again from ComputerA. The Interceptor can extract the logged in user id (which will be UserA) from current Session (which will be SessionA). And extract the logged in status from global variable or DB, which will be logged in from SessionB, and different from current session. So the Interceptor can say, UserA has re-logged in from some where else. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
ActionContext is just a wrap class for convenience. If you need the real HttpSession. You should get the HttpRequest first, from ServletActionContext.getRequest(). See: http://struts.apache.org/2.2.1/struts2-core/apidocs/org/apache/struts2/ServletActionContext.html And then, you can get the HttpSession from HttpServletRequest.getSession(); See: http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html 2010/12/2 maven apache apachemav...@gmail.com: Thanks,your answer can not be detailed more. :) only a little confused. Map attibutes = ActionContext.getContext().getSession() I can get the session this manner,but it seems that it is a Map,not a HttpSession,so what is the id? I have debug the session yet,and I found there is a property in the Map: struts.troken,is this unique can be used as the session id? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Hi: Thanks for Liying's answer,I have a try just now,and it works well(say the result,it meet my requirements). However I found that my codes are rathre ugly,have no logic. So I wonder any one can spare some time to have a check? Notice:I remove the jars in the WEB-INF/lib. You should add it yourself. BWT,I wonder if saving all the session information in the server side is a good idea,if too many user login,the memeory is a problem,but if save the session in the db or file system,it will slow down the response speed. :( However,thanks Li ying and other guys anyway. 2010/12/2 Li Ying liying.cn.2...@gmail.com ActionContext is just a wrap class for convenience. If you need the real HttpSession. You should get the HttpRequest first, from ServletActionContext.getRequest(). See: http://struts.apache.org/2.2.1/struts2-core/apidocs/org/apache/struts2/ServletActionContext.html And then, you can get the HttpSession from HttpServletRequest.getSession(); See: http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html 2010/12/2 maven apache apachemav...@gmail.com: Thanks,your answer can not be detailed more. :) only a little confused. Map attibutes = ActionContext.getContext().getSession() I can get the session this manner,but it seems that it is a Map,not a HttpSession,so what is the id? I have debug the session yet,and I found there is a property in the Map: struts.troken,is this unique can be used as the session id? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org StrutsDemo.rar Description: application/rar - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
The only data need to save is UserID and SessionID, I think it will not over 100 bytes per user. For 1000 user, the total memory will not over 10MB. So, you don't have to worry about memory problem. For the DB solution, if you worry about response speed. You can change the solution: Do not check for every request. Do it with some interval instead. For example: (1)check it once per 2 minutes OR (2)check it once per 10 requests. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
I read your code, and noticed one thing. You saved the whole HttpSession instance in Map, this will waste memory. The information you really need is just the SessionID, but not the whole Session. SessionID can be retrieved from HttpSession.getId(); See: http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#getId%28%29 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
Thanks! So the way I use the interceptor is right? Nothing have to be changed except saving the session id intead of sessin it self? 2010/12/3 Li Ying liying.cn.2...@gmail.com I read your code, and noticed one thing. You saved the whole HttpSession instance in Map, this will waste memory. The information you really need is just the SessionID, but not the whole Session. SessionID can be retrieved from HttpSession.getId(); See: http://download.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#getId%28%29 - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: any ideas about handle user's relogin using interceptor?
It looks like so. 2010/12/3 maven apache apachemav...@gmail.com: Thanks! So the way I use the interceptor is right? Nothing have to be changed except saving the session id intead of sessin it self? - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org