I have an application which is validating only one user should use the application at a time. For that we are putting a column in DB table. By default the column value is 'Inactive'. When the user logged in, column value will be changed to 'active'. Once the user properly logged out, the column value will be changed to 'inactive' and the session gets an end. But when the user close the window improperly, the logout code is not working. I tried with onunload but the problem with the onunload is since we are using tiles, each time when we click a link log out is happening. So can anyone help me how to do it while closing the window directly?
Thanks in advance...
You should not be keeping an entry in DB to track whether the user is online or not. Instead you have to keep all the user names in the application context and whenever the user logs in, you have to check if the user name is already in the application context. If not, add it to the context, else the user has already logged in.
Having a DB column to know if the user is active or not is a very bad idea. If at all this is used, you have to call an event using javascript every time you close the browser window. Also it might so happen that because of some network problem, the window close event will not be intercepted by the server resulting in the user being still shown as active in the DB
Related
I have to solve this situation: in my Spring + JPA web application I have a jsp similar to an excel work sheet.
So I have a certain number of cells and each cell is saved in a DB table with additional information: I have a row for each cell.
id | value | column | row | ...
I use this structure because number of columns in my jsp table is dynamic.
At the moment, when I save cells I truncate the current set of rows in DB table and re-insert all the new rows. This is the fastest way I found to update a large set of rows.
But now I have a concurrency problem: the jsp page can be used by different users at the same time and this can cause overwriting problems on other users savings.
I need to implement some kind of lock in my web app. I found there are mainly two types of lock: optimistic vs pessimistic.
Can you suggest me a common approach to solve this situation? Where do I need to implement the lock, at data access level or at service level?
NOTE to be more clear: table values are shared among users, but can be updated by anyone among authorized users.
The solution would probably depend on the behavior requirements.
How about the following scenario: users A and B started to change some values, then user A pressed Save button and saved data, after that user B did the same. User B got an error message saying something like "the data has been updated, please reload the page". He reloads the page and lose all changes he did :( Only after that he is able to save his changes, but he has to do it once again.
Other possible scenario: users A and B accessing the page, but only the user who was the first will be able to save his work, other users will see message saying something like "someone else is editing the page, try again later".
For the first scenario you can implement the following: each line of the table (in database) has a last-update-timestamp which is updated to current time each time this row is changed.
Now, let's imagine user A get row with timestamp 1 when opened the page, user B was a little bit slower and got the same row with timestamp 2. But, he did his changes faster and pressed Save button first. Now, the row is saved in DB with timestamp let's say 5. User A is trying to save his changes, but the timestamp of his data is 1, which is different from 5 currently in DB. That means someone changed that data already and he should see error message I mentioned above.
Second scenario is a little bit harder to implement. I think the best way to do this is to open transaction to DB which
reads the row(s) we want;
put some flag like "locked" to true for all of them;
if some row is locked already, fails (or return available rows, depending on what you need). But, probably should fail;
returns rows to jsp page;
Now, if other user requested the same rows, transaction will fail and he will not be able to start changing data.
User A should put these locked flags back to false when he saves the data.
Important thing: these locks should have timeout to prevent situation when user opened the page and closed it without saving (or browser crash, or something else). You may also want to implement some kind of lock reackquire for the same user - when user opened the page for the first time, then closed it without saving data and opened once again - he should be able to edit the data. This can be done by identifying user somehow - login, cookie, and so on.
What i want todo with Java and Javascript:
If a user try to register an Account, after he write the Login name and klick in the next field, there should be an immediately check, if the Login Name already exist.
My Question is now, what is the best performance way.
I know, how i can check the username in the database, that is no Problem.
But is it possible to cache the List of users in a Application wide variable ?
If yes, how or where should i create a such variable ? I use tomcat as server.
But no idea how i can do that.
Or is it just fine, todo a check on the DB Server.
I want something similar like the Registration from hotmail
Thanks
Two ways to do it (and not thinking very hard). First - before loading the page, on the server side retrieve all user names, put the in a list and put the list in the request. Now you have all your user in the page and can check if the entered name exists (must do it in javascript). The second method - after typing the name make an ajax call to the server and check in DB if exists. Hope this helps.
It's not a good idea to cache all login names. First because at every http session, you need to refresh the whole cache. Second because it's possible to have multiple http sessions (multiple user trying to create an account) and you need to refresh the whole cache to verify new registrations login names. Third it's not a good practice to store temporary the whole user names table in such a variables.. imagine you have 10000000 login names!
With a cache, if two users want to register at the same time, and enters the same user login, both user login pass the validation!
Just query your database with an ajax request or a servlet and make sure your login name column has an index!
I am creating a mini project. My project is a library management system.
How can I disable the issue button in advanced search if I am logged in by clicking Anonymus?
Or how can I enable the issue button if logged in as administrator?
You can enable / disable buttons using the setEnabled() method. You will have to figure out the code for the boolean that needs to be passed to the method.
Basically, what you need to do is to call setEnabled(isAdministrator()) on your Issues button. For this, you'll have to implement an isAdministrator() method, which should check if a user is logged in and if that user is the/an administrator. How to check this depends on the implementation of your login dialog and on how you administer your users. Normally you'd have some kind of database holding all users and (encrypted) passwords as well as a flag telling if a certain user is an administrator (or you can have a separate table with roles or permissions and a many-to-many relation between the user table and the roles or permissions table but for a mini-project this is probably not needed).
Just make a boolean variable initialized as false when you validate through username and password change it to true, buttons have a jButton.setVisibility("true or false"); this can either be true or false but adding the boolean variable there will determine whether its a registered user or an anonymous client :)
I am using Hibernate in Spring MVC 3.05 and an Oracle database.
I have a transaction in which I insert a new record into two tables: User and Registration.
Registration contains a UserId (meaning a user may have many registrations).
When I commit the transaction, I can query my database and see that the new rows were successfully inserted.
The problem
After the transaction commits successfully, I redirect the user to a confirmation page, where I would like to show some information about the registration that was just inserted. On the confirmation page, I do a Hibernate query by userId to get the User that was just inserted. I then use the following properties to populate my model:
User.getName()
User.getEmail()
User.getBlah()
User.getReigstrations().iterator.next()
The one in bold throws an exception "NoSuchElementException" because there are no items in the set. There should be one Registration in the set. If I close the browser, start a new one, and direct myself back to the same link that threw the exception, IT WORKS! There is a Registration in the set.
My guess is that it's not reloading related table objects when I query for my User, but is either pulling from cache or assuming that nothing more had been added since the User was saved. Does anyone know of a way to force Hibernate to reload this data?
Unfortunately I can't just get a Registration by UserId because it maps UserId to the entire User object (via object generation because User is a foreign key).
Hope this makes sense. Any help is appreciated. I am open to a different approach to accomplishing this as well. Thanks!
It's hard to diagnose the exact problem because you don't say when you close sessions, and in which session/transaction you get your User. But I guess the problem comes from the fact that you don't maintain the two sides of the relationship when inserting a new registration.
You should set the user in the registration, and add the registration to the list of registrations of the user.
I think the answer to my question is so simple that there's not even an answer to my question lol:
How does the concept of User Authentication/User Accounts work? How does a certain webpage, for example, know to pull up your information and not someone else's when one logs in? Is it really just a bunch of select statetments with a where clause on the userid to pull back info?
When you connect to a website, a session cookie is placed in your browser. This uniquely identifies you so that the website knows from request to request, page to page, that you are the same person. Somewhere on the server, the ID in this session cookie is stored. The server knows you are there. The server knows when you click on a link that you're the same person who generated the page on which the link was present.
When you log in, the programmer authenticates your username and password against the database (or whatever he uses for user authentication), and then stores some sort of User ID on the server, attached to your session ID from your cookie. Now, whenever you request a page, the programmer checks to see if there's a User ID associated with your session ID on the server, and then knows that you're already logged in. It's common at this point, the first thing when you log in, for there to be a bunch of select statements to load your user inforamtion, any new messages, etc. This way, it can display at the top of the page.
For example, on StackOverflow, this would be your name, reputation, amount of badges, and if you have a new message.
The website never gets confused, because the cookies are never duplicated. Whenever someone comes to the website without a cookie, a new value is generated and sent to the user in the response. Then, every request after that, the browser sends the cookie value back with it. There's no way to possibly know (and it would be nearly impossible to guess) any other user's cookie ID, assuming the server wasn't also using IP address to validate session cookies. Regardless, for the programmers, this all takes place "behind the scenes". Programmers just typically access some sort of session data repository where they can store and retrieve information that is valid across page loads. As long as the user doesn't clear his cache or restart his browser, the session data will be available and unique to that user.
It depends on the underlying technology used to create the website. Usually there's a cookie stored in your browser once you log in that uniquely identifies you. Then when you load a page, the site checks the value of the cookie to see how you are and loads information appropriate to you from a database.
As an example, when you log in to Facebook it creates a cookie on your computer. Then when you go to your homepage it knows who you are based on that cookie and uses it to load your profile picture, your friends, your apps, etc.
No switch statements, though. :O
When ever we log in to our accounts, a session or cookie is created by the server. This session or cookie contains all the relevant information that the server needs to identify the user. Once server access this info, it knows which user it is dealing with and hence retrieves the users details only.