Thanks,your answer can not be detailed more. :) only a little confused.
Map attibutes = ActionContext.getContext().getSession() I can get the session this manner,but it seems that it is a Map,not a HttpSession,so what is the id? I have debug the session yet,and I found there is a property in the Map: struts.troken,is this unique can be used as the session id? 2010/12/2 Li Ying <liying.cn.2...@gmail.com> > The problem will be: > > (1)How to save the information about who is logged in from which session. > > and > > (2)How to check this information before every action execution > > > For problem 1, if you only have one app server, you can save this > information in global variable, if you need support multi app servers, > you can save it into DB. > The data structure should like > Map<UserID, SessionID> (in global variable) > > or > TABLE (UserID VARCHAR, SessionID VARCHAR) (in DB) > > > For problem 2, you are right, Interceptor will be a good choice. > > > > > I think the whole architecture should likes: > > (1)After user login, save the logged in status into global variable or > DB, and into current session. > > (2)Before every action execution, extract logged in user id from > current session, and then check the global variable or DB, see if this > user is logged in from the same session. > If the same user is logged in from some session else, this means > he/she has re-logged in from somewhere else, so you can remove the > logged in status from current session, and then force the user login > again. > > > > For example: > > (1)UserA, logged in from ComputerA. > Let's say the session is SessionA. > > So in SessionA, the logged in user ID will be UserA. > And in the global variable or DB, UserA will be marked "logged in from > SessionA" > > (2)When the same user login from ComputerB. > Let's say SessionB. > In SessionB, the logged in user ID will be UserA. > And in the global variable or DB, the logged in status of UserA will > be overwritten by "logged in from SessionB" > > (3)Request any page again from ComputerA. > The Interceptor can extract the logged in user id (which will be > UserA) from current Session (which will be SessionA). > And extract the logged in status from global variable or DB, > which will be "logged in from SessionB", and different from current > session. > > So the Interceptor can say, UserA has re-logged in from some where else. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
