tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frank Zammetti" <fzamm...@hotmail.com>
Subject RE: list active sessions.
Date Wed, 23 Jun 2004 12:00:11 GMT
I don't see that behavior.  Is there a setting in Tomcat to turn that 
function on and off perhaps?  None of my sessions survive a Tomcat restart, 
so I've never had to deal with this.

Frank


>From: "Radek Liebzeit" <rlipi@centrum.cz>
>Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
>To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
>Subject: RE: list active sessions.
>Date: Wed, 23 Jun 2004 07:51:08 +0200
>
>Really nice.
>
>I am just wondering about one thing - about "persistent sessions". I
>have a session counter based on the SessionListeners. It is increased
>when some session is created and decreased when the session is
>destroyed. So, when I restart the Tomcat server some sessions are
>recreated but counter state doesn't. Therefore, after session timeout,
>the counter status is negative.
>
>It's not problem for me, it is enough for my purposes. I am just
>wondering how do you solve this behaviour?
>
>Radek
>
>
> > -----Original Message-----
> > From: Frank Zammetti [mailto:fzammett@hotmail.com]
> > Sent: Monday, June 21, 2004 3:45 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: RE: list active sessions.
> >
> > I spent a couple of days last week implementing just such a thing, so
>I
> > feel
> > qualified to answer :)
> >
> > There is no easy way to do it.  There USED to be a SessionContext
>object
> > available in the servlet spec that would allow you to do a lot of cool
> > things with sessions, but it was removed as of spec 2.1 I think
>because
> > Sun
> > believed it to be a security risk.  Unfortunately there was nothing
>added
> > to
> > take it's place.
> >
> > The way you have to do this, or at least one way (the only way I
>found) is
> > to track it yourself.
> >
> > First, I already had an AppConfig object that contains a static
>HashMap.
> > This has a bunch of config values for my app loaded from a config file
>at
> > startup.  I then added an activeSessions HashMap to that class.
>Create a
> > similar class for yourself, along the lines of the following:
> >
> > import java.util.HashMap;
> > public class AppConfig {
> >   private static HashMap activeUsers = null;
> >   public static HashMap activeUsers() {
> >     return activeUsers;
> >   }
> >   public static void setActiveUsers(HashMap inActiveUsers) {
> >     activeUsers = inActiveUsers;
> >   }
> > }
> >
> > Then, create a SessionListener something like the following:
> >
> > package com.mycompany.myapp;
> > import java.util.HashMap;
> > import javax.servlet.http.HttpSession;
> > import javax.servlet.http.HttpSessionEvent;
> > import javax.servlet.http.HttpSessionListener;
> > public class SessionListener implements HttpSessionListener {
> >   public void sessionCreated(HttpSessionEvent se) {
> >     HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
> >     synchronized (activeUsers) {
> >       activeUsers.put(se.getSession().getId(), new HashMap());
> >     }
> >   }
> >   public void sessionDestroyed(HttpSessionEvent se) {
> >     HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
> >     synchronized (appConfig) {
> >       activeUsers.remove(se.getSession().getId());
> >     }
> >   }
> > }
> >
> > Then just add the following to web.xml after your <servlet> section:
> >
> >   <listener>
> >
><listener-class>com.mycompany.myapp.SessionListener</listener-class>
> >   </listener>
> >
> > Basically, every time a session is created, you'll get an entry in the
> > activeUsers HashMap keyed by sessionID, and the record will be removed
> > when
> > the session is destroyed.  Further, what I do is that when my logon
>Action
> > is called, when the user is validated I add some information for that
>user
> > into the HashMap (first name, last name, logon time, etc).  This
>allows me
> > to have a pretty nice little tracking display in my app.
> >
> > The one problem you run into with this is that if the user just closes
>the
> > browser window rather than using your nice logout function, the
>session
> > lingers until the timeout period elapses.  I didn't like that!  My app
>is
> > frames-based, and I already had one hidden frame, so I added the
>following
> > to the <body> tag of that frame's source document:
> >
> > onUnload="openLogoffPopup();"
> >
> > ... and then the openLogoffPopup() function:
> >
> >   function openLogoffPopup() {
> >     windowHandle = window.open("", "",
>"width=200,height=1,top=1,left=1");
> >     str =  "<" + "html><" + "head><" + "title><" + "/title><"
+
>"/head>";
> >     str += "<" + "body
> > onLoad=\"window.location='<%=request.getContextPath()
> > + "/app/logoff.app"%>';\">";
> >     str += "<" + "table width=\"100%\" height=\"100%\" border=\"0\">";
> >     str += "<" + "tr><" + "td align=\"center\" valign=\"middle\">";
> >     str += "<" + "span
> > style=\"color:#000000;font-family:arial;font-size:11pt;font-
> > weight:bold;\">";
> >     str += "Logging out of application...<" + "/span";
> >     str += "<" + "/td><" + "/tr>";
> >     str += "<" + "/table>";
> >     str += "<" + "/body><" + "/html>";
> >     windowHandle.document.write(str);
> >     windowHandle.document.close();
> >   }
> >
> > That calls the logoff Action whcih does not much more than
> > session.invalidate().  This works well in IE, I do not know if it is
> > cross-browser though (not a concern for my company).  It should work
>fine
> > to
> > add this to all your JSP's, assuming your app isn't frame-based, I
>think
> > it'll work just the same.  But, maybe you can live with the session
> > lingering if the window is closed anyway.  It's probably not a big
>concern
> > if the timeout period is short enough, but you need to recognize that
>you
> > may see more than one session per user for a few minutes if they log
>on
> > again.
> >
> > Hope that helps!
> >
> > Frank
> >
> >
> > >From: Alex <alex@squigly.net>
> > >Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
> > >To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> > >Subject: list active sessions.
> > >Date: Mon, 21 Jun 2004 08:52:42 -0400 (EDT)
> > >
> > >
> > >Is there a way to list all sessions which are currently active for
>the
> > >webapp which would be calling for such a list?
> > >
> > >
> > >---------------------------------------------------------------------
> > >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> > >
> >
> > _________________________________________________________________
> > Is your PC infected? Get a FREE online computer virus scan from
>McAfeeR
> > Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
>
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>

_________________________________________________________________
>From ‘will you?’ to ‘I do,’ MSN Life Events is your resource for Getting 
Married. http://lifeevents.msn.com/category.aspx?cid=married


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message