Hi Frank,
Doesn't the sessionCount get decremented regardless of whether the
session is being destroyed as the result of a regular logoff or
timeout as well as if it was a rejected logon (i.e., max sessions
already in use)? I dealt with this problem in the code I'm adding to
Java Web Parts tomorrow, but maybe you found a better way than I did :)
Yes, the sessionCount is decremented everytime a session is destroyed
regardless of regular logoff, 'forced' logoff (max sessions in use) :-))
or timeout.
But that's what I wanted. Do you see a problem with it?
sessionCount is the number of existing sessions, so I decrement the
sessionCount everytime a session is destroyed(no matter why it was
destroyed).
Also, I was a bit surprised to learn that filters fire BEFORE
listeners... it seemed more logical the other way around, but it's not
reality. Any problem with what you've done with that in mind?
A SessionContextListener's sessionCreated method will execute when a new
HttpSession is created.
HttpSessions are created by some servlet or jsp code.
So if you use a Filter that catches any request, the Filter will fire
before any code that could create a session has a chance to execute.
If the request is not for the 'special' appInUse.jsp or logout.jsp(by
the way I think that it's ok if we only treat appInUse.jsp specially,
logout.jsp can be
treated like all other resources) then I always get a session in the
usual way:
HttpSession session = request.getSession();
As you know this will create a session if one doesn't exist or it will
get an existing session.
Because this is a Filter that catches everything, all the sessions will
be created at this point.
This is also the point where the sessionCreated will be executed if the
session.isNew().
In the sessionCreated a session is always created, but if maxSessions
was exceeded then we
flag the session.
Back to the filter code, if the session is flagged then we invalidate it
and we redirect.
It is always benefic to try to write down in words what your code does.
I think I found a a little problem in my solution :-) :
Ex.:
MAX_SESSIONS = 1
and there is one active session (User A)
User B tries to connect, filter fires, flagged session is created
sessionCount is 2 now.
We are back in the filter before session.invalidate().
In another thread User A's session is destroyed and the
sessionDestroyed() is executed which decremenets sessionCount.
sessionCount = 1
User C comes in, in another thread the filter fires for his request, but
he will get a flagged session too, 'cause sessionCount is still 1.
However this is a minor issue and it probably can be easily changed by
not incrementing/decrementing sessionCount in
sessionCreated()/sessionDestroyed()
if the session is flagged.
This is what you suggested in the first place? :-)
Tamas
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
