tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Meyer ...@allocation.net>
Subject AW: custom session manager
Date Thu, 06 Oct 2005 15:04:37 GMT
The problem is AFAIK, that you cannot access the list of all sessions
through the servlet-api.
That feature was in the servlet-api at some time, but was removed, IIRC due
to security issues.

If you have a list of all sessions, you can easily iterate over them at
login and manually expire all old sessions for the same user. => Max. one
active session per user.


> -----Urspr√ľngliche Nachricht-----
> Von: Leon Rosenberg [mailto:rosenberg.leon@googlemail.com]
> Gesendet: Donnerstag, 6. Oktober 2005 16:11
> An: Tomcat Users List
> Betreff: Re: custom session manager
> 
> 
> Sorry, aber how exactly does it solves the problem of having one
> session per user? :-)
> 
> 
> 
> On 10/6/05, Tobias Meyer <tm@allocation.net> wrote:
> > > -----Urspr√ľngliche Nachricht-----
> > > Von: Leon Rosenberg [mailto:rosenberg.leon@googlemail.com]
> > > Gesendet: Donnerstag, 6. Oktober 2005 11:20
> > > An: Tomcat Users List
> > > Betreff: Re: custom session manager
> > >
> > >
> > > On 10/6/05, Tobias Meyer <tm@allocation.net> wrote:
> > > >
> > > > Or, cou could add a static hashmap to your Servlet (or a
> > > bean if using JSPs)
> > > > where you simply add the sessions with every request. You
> > > would have to put
> > > > an attribute implementing
> > > javax.servlet.http.HttpSessionActivationListener
> > > > in each session though, that removes the session from your
> > > hashmap when the
> > > > session is expired or you will end up with having many
> > > invalid entries in
> > > > your hashmap. (And I don't even know what happens if you
> > > keep the references
> > > > to those Session objects when they are recycled by tomcat)
> > > > We do this to keep track of our sessions within the application.
> > >
> > > If you keep your sessions in a hashmap forever they will never be
> > > freed by the garbage collector and you will end with an 
> outofmemory
> > > error one day.
> >
> > That's why I said you need one Attribute that implements the
> > HttpSessionActivationListener, which, on second thought , 
> was wrong - you
> > need to implement HttpSessionBindingListener.
> >
> > The Method
> >
> > public void valueUnbound(HttpSessionBindingEvent event)
> >
> > will get called automatically when the session expires, and 
> you can add code
> > that removes the session from the hashmap.
> >
> >
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message