users@glassfish.java.net

Re: Invalidating user sessions

From: Jose Noheda <jose.noheda_at_gmail.com>
Date: Sat, 5 Jan 2008 14:41:46 +0100

So they work as a ServletContextListener...interesting! Definitely I have to
read the EE documentation

Regards,

On Jan 4, 2008 6:32 PM, <Jan.Luehe_at_sun.com> wrote:

> Jose Noheda wrote:
>
> > Thank you! I haven't ever read about Session Listeners :-)
> >
> > Digging a little, a Spring bean would do the job with a little help of
> > WebApplicationContextSessionListener
> > <
> http://google.com/codesearch?hl=es&q=+WebApplicationContextSessionListener+show:VXUqxN5tSVo:gSBuQhvGq6A:rs3MoVMjkek&sa=N&cd=1&ct=rc&cs_p=cvs+:pserver:anonymous%40springframework.cvs.sourceforge.net:/cvsroot/springframework+spring&cs_f=sandbox/src/org/springframework/web/servlet/support/WebApplicationContextSessionListener.java#first
> >.
> > I'd rather skip a servlet if it is not going to handle requests.
>
>
> Your HttpSessionListener does not have to be implemented as a servlet.
> It is sufficient to just declare it in your deployment descriptor.
>
>
> Jan
>
>
> >
> > Regards,
> >
> > On Dec 24, 2007 2:52 AM, Larry White < Larry.White_at_sun.com
> > <mailto:Larry.White_at_sun.com>> wrote:
> >
> > Hi Jose:
> >
> > Here is a suggested solution. There are security issues involved
> > in having
> > a servlet with this kind of capability but I'm assuming you already
> > understand
> > that risk. I'm assuming that this application is running on a
> single
> > instance
> > of GlassFish.
> >
> > Part 1: "Data Gathering"
> > You want your servlet to be able to keep track of all sessions
> > created.
> > If you make your servlet implement this interface
> > (javax.servlet.http.HttpSessionListener)
> > you will get a sessionCreated event firing for every session for
> > your app
> > created or activated on your instance.
> > This includes (for example) if session "a" got created first on
> > instance1 then your listener
> > on instance1 gets fired.
> >
> > So based on this you will have a data structure (I would recommend
> > some
> > kind of weak map) on
> > your servlet. In it would be a map from sessionids to the actual
> > session objects.
> >
> > Part 2: "Processing the request to invalidate a list of sessionid's
> > (locally)."
> > For the local instance, this would mean simply iterating over your
> > map,
> > attempting to
> > get each of the ids and for those you find, I guess your intention
> > is to
> > call invalidate().
> > (Some you will not find because they are either already gone through
> > invalidation or
> > expiration) Also for housekeeping as you
> > finish with each key in your structure you should remove it (to
> > avoid a
> > memory leak).
> > That's also the thinking behind our recommendation to use a weak
> map.
> >
> > hope this helps
> >
> > Jose Noheda wrote:
> >
> > > Hi,
> > >
> > > We need to retrieve and invalidate all user sessions where the
> user
> > > happens to have a specific attribute. Is this possible? How can
> > we get
> > > a handle to other users' sessions?
> > >
> > > Regards,
> > >
> > > JoSE
> > > ====
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> > <mailto:users-unsubscribe_at_glassfish.dev.java.net>
> > For additional commands, e-mail: users-help_at_glassfish.dev.java.net
> > <mailto:users-help_at_glassfish.dev.java.net>
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>