Suppose, a use login with username="ABC",
Some data is set in the session as follows:
session.setAttribute("mydata", mydata);
If the current session expires, the user is redirected with login page.
And now, if the user again login with same username ("ABC"),
Can we retrieve the previous session's attribute so that the user can continue his work?
Please suggest me the possible solution to retrieve the data of previous session.
Thank you.
I don't believe it is possible . However, you can always create a semaphore where your app can check against it whenever the user logs in and invalidate the session if there's already an existing user session running.
This semaphore could be as simple as a Java static variable if you are running in a non-clustered environment, or a better approach is to set the flag in a database table especially if you are running in the clustered environment.
Not possible, when the session expires everything it contains is dead. This is controlled by the container.
You could save session attributes to database beofre they expire, then add them back to the new session when user logs in again.
Related
I have a Vaadin application that starts with a user login, but the problem is with Vaadin is the session handling as I can open two sessions from 2 different browsers with the same login which should not be possible to do. But I did not find any documentation regarding that besides this topic but it's not working properly as the data are not saved in the hashmap correctly.Anyone got the same problem?
Vaadin 7 works by default so that it creates everytime a new UI instance when a new browser tab is opened (or the tab is refreshed). You should store information about current user to VaadinSession or standard HttpSession and check in UI.init() if the session contains user information.
To store information into VaadinSession one can say:
VaadinSession.getCurrent().setAttribute("currentUser", currentUser)
HttpSession can be accessed as follows in Vaadin:
VaadinSession.getCurrent().getSession()
Please note that VaadinSessions are stored into HttpSession and HttpSession can contain multiple VaadinSessions if multiple Vaadin servlets are deployed from the same war file, and the user uses those at the same time.
How to prevent concurrent logins?
I keep track of logins using a self-generated login-token. A random string between 32 and 128 bytes in length that gets stored in a cookie and a backend database, typically under a user's account.
If User (A) shares her login credentials with User (B) a new login-token is generated for the new login and stored in a cookie and updated in the backed database.
If User (A) (who might for example already be logged in) attempts to perform an action while User (B) has just logged-in, User (A)'s session will be destroyed and she'll be redirected to the login screen after a backend test confirmed her login-token isn't a match.
Think of Sessions and Logins as two different things. Sessions can be generated all day long, but login STATE should be stored in a central store.
You can save all logged users to static Set. Static variables are globally shared. On start app, check whether the collection is already login.
I am trying to implement the functionality with which , when a user is loggedIn at one place and when he try to login to some where else , He should automatically be LoggedOut from the previous place .
Like in GMAIL..
If some one can give me the concept , As i think I need to save the user LoggedIn Status in Db,As sessions doesnt looks to be heplful. But then I dont understand how we update user status in DB ,if there is no activity for lets say 5 minutes (how will i capture the inactivity and updating in db).
If some one can please guide, I am struggling on this for hours now .
Thanks
When user login add the user session with id to a hashmap. When the same user logins again check for entry in the HashMap and if available invalidate the session and create new session for the user.
If you are using Spring Security, it provides this functionality out of the box.
Otherwise:
Create a java.util.Map (A ConcurrentMap is prefered, so manipulating it concurrently won't corrupt it), and stores it in application scope (ServletContext).
Now, you shall store each user and a reference to its session upon login in the map, and if a user logins again, just fetch previous session object and invalidate it.
Now implement an instance of javax.servlet.http.HttpSessionListener, and in void sessionDestroyed(javax.servlet.http.HttpSessionEvent httpSessionEvent); method, remove the specified session from the Map. (This listener is invoked on session invalidation, whether it is done automatically by container or if you do it programmatically). just register this listener in web.xml and everything is done.
p.s. I know that it will be some-how harder, if you are deploying your application on a cluster of web-containers, but when you have just one server, that's ok.
p.s. I don't recommend storing session information in DB.
I am using jboss server. As of now my users getting logged out when my server bounces. On that time time I won't allow them to log out. How to manage this session even my server bounces.
Whenever you restart your server all user sessions will be lost. If you still want to keep user sessions then use cookies to maintain user sessions instead of thing like HttpSession.
When user logged in keep its session and also maintain a cookie. When server restarts check if cookie present. If its there then allow user to access resources.
You can set cookie as: For this you have to include jQuery.cookie.js file in your webpage. After user logged in set its cookie. It will remain set unless you remove it or after specific time. When you restart server all sessions will be destroyed but cookie will remain in browser. So if there is no session but cookie present in browser you can automatically logged in user and create its session again.
$.cookie("test", 1);
To delete:
$.removeCookie("test");
Additionally, to set a timeout of a certain number of days (10 here) on the cookie:
$.cookie("test", 1, { expires : 10 });
To read back the value of the cookie:
var cookieValue = $.cookie("test");
During the Application startup , using the login Id of the User , i am making a Database call and loading all of his accounts and setting them in the session as shown
session.setAttribute("userinfo",userinfo);
and i am using this accounts information in the service layer to do a check before making a call to the Database
Now the problem is that if a User (who is having multiple accounts ) logs simulatunosly into a same browser , its creating same sessionid , as a result the session is having only the information of the last logged in user .
is there anyway i can solve this , may be the way i am storing data
please help
May not be the best solution but this will help to solve the problem.
What you could do would be to associate the userid with the sessionid and on every pageload / clicks, you will check if the sessionid matches the login user's userid. If it matches, disregard and run the page as usual else you can fetch the user info from the database and reassign the variables again.
You can use URL rewrite instead of cookies. The downside is that the session ID is exposed in the URL.
I have a very basic Wicket app that I'm trying to deploy to GAE. I have the basics working, after following the steps here and also binding the session object upon creation.
I'm having trouble saving any state in a session. My session class extends AuthenticatedWebSession. The login pages authenticates via AuthenticatedWebSession.authenticate(), which always returns true and sets the username in a member variable. But subsequent pages see a null username in the session and AuthenticatedWebSession.isSignedIn() returns false.
I do seem to be maintaining a session, as every page will see the same value for Session.getId().
Any ideas?
TIA!
Chris
My question was answered on the Wicket mailing list - the answer is that I needed to call Session.dirty() after authenticating (or after any other change to the session members) to ensure it would be saved. Apparently in my development environment, sessions were always saved but GAE is more optimized and thus only saving dirty sessions.
I spent about 2 days devling down the rabbit hole of sessions and cookies and I finally realised my issue was this:
app.secret_key = os.urandom(50)
Every time an instance boots up it generates a new key and now the users session is lost.
You need to make your key static
app.secret_key = "really-complex-key-that-is-static-and-never-changes"
Hopefully this is your issue to