tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Victor Soares" <Vic...@ci.tigard.or.us>
Subject Re: How to listen for Session LastAccessedTime
Date Mon, 10 Feb 2003 21:44:27 GMT
The filter sounds like a good way to do it. Thanks for the suggestion Craig and Sean.

If I explain what i'm using this for, I'd be opening up a whole can of worms. I'm not scared
of worms, so I hope nobody else is. :)

I'm working on a SSO solution that can carry a user's session across different websites. I'm
in a very preliminary phase, but this is how i'm approaching it:
―--------------------------------------
Scenario #1:
User comes to website (www.ci.tigard.or.us) and logs in via a form. Upon successful login,
a domain level cookie, (.ci.tigard.or.us) is passed to the client with a unique ID, kinda
like the jsessionid. The domain cookie ID and the jsessionID are stored in a database along
with some other data. A *User* object is stored in session.

Scenario#2:
Same user goes to a second site (police.ci.tigard.or.us). When user hits a secure page, security
looks for the domain level cookie and grabs the ID, uses that ID to check the database for
that ID. If the ID exists in the database, security assumes the user has already been logged
so it loads up the data and authenticates/authorizes the user on the second website. It also
adds a record to the database that relates the domain session ID to the jsessionID of the
second website.

Additional Info:
There is a session listener that deletes all records from the database related to the domainID
when a session ends.
―---------------------------------------

So, I need to know the sessionLastAccessed value so i can update the database periodically.
This is because the session listener will delete all domainID records in the database for
a jsessionid that has expired. I don't want to delete any records if the user is still active
on any of the websites that are part of this SSO scheme. 

I don't know how scalable this solution is, nor am I 100% sure this is the best way to do
this but I have to start somewhere. I'm sure JUnit tests will answer my first question. :)

so there are the worms, the can is now empty.
- vic



>>> sean@sbdconsultants.com 02/10/03 12:46PM >>>
The only trivial way that I can think of would be to put a filter on all
requests.

What are you going to use that information for?  Maybe there is another way
to accomplish what you're trying to do.

Sean Dockery
sean@sbdconsultants.com 
Certified Java Web Component Developer
Certified Delphi Programmer
SBD Consultants
http://www.sbdconsultants.com 

----- Original Message -----
From: "Victor Soares" <Victor@ci.tigard.or.us>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, February 10, 2003 12:28
Subject: How to listen for Session LastAccessedTime


Hello,
I've been searching through the Javadocs to figure out how to listen for a
session's LastAccessedTime but haven't been able to find anything. Seems
like the HttpSessionAttributeListener is not notified when a session's
LastAccessedTime is changed.

Is there a way to listen for a session's LastAccessedTime?

thanks,
- vic


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org 
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org 
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message