tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex <a...@squigly.net>
Subject RE: list active sessions.
Date Mon, 21 Jun 2004 13:31:33 GMT

How would your application cope if it were required to scale up to 250
concurrent users ?

It's an interesting approach.  Currently I record limited information to a
db.  All I really want is to be able to list all the active session
id's...nothing more.  If it's being done already, why do it again...

On Mon, 21 Jun 2004, Frank Zammetti wrote:

> Date: Mon, 21 Jun 2004 09:45:05 -0400
> From: Frank Zammetti <fzammett@hotmail.com>
> Reply-To: Tomcat Users List <tomcat-user@jakarta.apache.org>
> To: tomcat-user@jakarta.apache.org
> Subject: RE: list active sessions.
>
> I spent a couple of days last week implementing just such a thing, so I feel
> qualified to answer :)
>
> There is no easy way to do it.  There USED to be a SessionContext object
> available in the servlet spec that would allow you to do a lot of cool
> things with sessions, but it was removed as of spec 2.1 I think because Sun
> believed it to be a security risk.  Unfortunately there was nothing added to
> take it's place.
>
> The way you have to do this, or at least one way (the only way I found) is
> to track it yourself.
>
> First, I already had an AppConfig object that contains a static HashMap.
> This has a bunch of config values for my app loaded from a config file at
> startup.  I then added an activeSessions HashMap to that class.  Create a
> similar class for yourself, along the lines of the following:
>
> import java.util.HashMap;
> public class AppConfig {
>   private static HashMap activeUsers = null;
>   public static HashMap activeUsers() {
>     return activeUsers;
>   }
>   public static void setActiveUsers(HashMap inActiveUsers) {
>     activeUsers = inActiveUsers;
>   }
> }
>
> Then, create a SessionListener something like the following:
>
> package com.mycompany.myapp;
> import java.util.HashMap;
> import javax.servlet.http.HttpSession;
> import javax.servlet.http.HttpSessionEvent;
> import javax.servlet.http.HttpSessionListener;
> public class SessionListener implements HttpSessionListener {
>   public void sessionCreated(HttpSessionEvent se) {
>     HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
>     synchronized (activeUsers) {
>       activeUsers.put(se.getSession().getId(), new HashMap());
>     }
>   }
>   public void sessionDestroyed(HttpSessionEvent se) {
>     HashMap activeUsers = (HashMap)AppConfig.getActiveUsers();
>     synchronized (appConfig) {
>       activeUsers.remove(se.getSession().getId());
>     }
>   }
> }
>
> Then just add the following to web.xml after your <servlet> section:
>
>   <listener>
>     <listener-class>com.mycompany.myapp.SessionListener</listener-class>
>   </listener>
>
> Basically, every time a session is created, you'll get an entry in the
> activeUsers HashMap keyed by sessionID, and the record will be removed when
> the session is destroyed.  Further, what I do is that when my logon Action
> is called, when the user is validated I add some information for that user
> into the HashMap (first name, last name, logon time, etc).  This allows me
> to have a pretty nice little tracking display in my app.
>
> The one problem you run into with this is that if the user just closes the
> browser window rather than using your nice logout function, the session
> lingers until the timeout period elapses.  I didn't like that!  My app is
> frames-based, and I already had one hidden frame, so I added the following
> to the <body> tag of that frame's source document:
>
> onUnload="openLogoffPopup();"
>
> ... and then the openLogoffPopup() function:
>
>   function openLogoffPopup() {
>     windowHandle = window.open("", "", "width=200,height=1,top=1,left=1");
>     str =  "<" + "html><" + "head><" + "title><" + "/title><"
+ "/head>";
>     str += "<" + "body onLoad=\"window.location='<%=request.getContextPath()
> + "/app/logoff.app"%>';\">";
>     str += "<" + "table width=\"100%\" height=\"100%\" border=\"0\">";
>     str += "<" + "tr><" + "td align=\"center\" valign=\"middle\">";
>     str += "<" + "span
> style=\"color:#000000;font-family:arial;font-size:11pt;font-weight:bold;\">";
>     str += "Logging out of application...<" + "/span";
>     str += "<" + "/td><" + "/tr>";
>     str += "<" + "/table>";
>     str += "<" + "/body><" + "/html>";
>     windowHandle.document.write(str);
>     windowHandle.document.close();
>   }
>
> That calls the logoff Action whcih does not much more than
> session.invalidate().  This works well in IE, I do not know if it is
> cross-browser though (not a concern for my company).  It should work fine to
> add this to all your JSP's, assuming your app isn't frame-based, I think
> it'll work just the same.  But, maybe you can live with the session
> lingering if the window is closed anyway.  It's probably not a big concern
> if the timeout period is short enough, but you need to recognize that you
> may see more than one session per user for a few minutes if they log on
> again.
>
> Hope that helps!
>
> Frank


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message