ibatis-user-java mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Abdullah Kauchali <abdullah.kauch...@isanusi.com>
Subject Advice sought: Designing cached User Session objects
Date Thu, 17 Mar 2005 13:33:23 GMT
Hi folks,

We are piloting a few stateless services in our organisation and would 
like to create
a Security Service that will satisfy requirements for User Session 
Management.

The idea is that once a user is authenticated against the Security 
Service, a GUID token
 is provided to the client. This token is then used by the client system 
to negotiate services
across the different organisational public "API's" (thereby obviating 
the need for
re-authentication at each call to a service.)  The Session GUID is 
persisted in the backend
database.

One of the requirements of the Session Management architecture is that 
of verifying
the session for:
1)  Validity (does the server recognise the GUID as one that it provided 
in the recent past?)
2)  A timeout period (has the Session expired beyond a specified TIMEOUT 
period.)

We have already created the components that answers the two requirements 
above without caching. 
However,  we would now like to optimise the process by using caching.  
In this regard, we would like to
avoid/minimise the number of unnecessary roundtrips to the database to 
"refresh" the Session details
for the user.  As the number of concurrent users increases, the amount 
of update hits against the
Session table will be considerable.

To this end, the attached diagrams are what's being proposed.  Please 
see the attached images.

Ok.  Long winded.  :)  The question regarding iBatis:

How do we achieve the process of "updating the cache" directly?

Other general opinions and crits are also welcome,

Kind regards

Abdullah

Mime
View raw message