Tamas Szabo wrote the following on 7/28/2005 2:24 AM:
Yes, the sessionCount is decremented everytime a session is destroyed
regardless of regular logoff, 'forced' logoff (max sessions in use) :-))
or timeout.
But that's what I wanted. Do you see a problem with it?
sessionCount is the number of existing sessions, so I decrement the
sessionCount everytime a session is destroyed(no matter why it was
destroyed).
Thanks so much Tamas (and Frank, et al) for help with this. Tamas your
solution is what I ended up going with (started it before I saw Frank's
which looked similar). Here were some problems though...
1) For one, the business requirement created a bit more complication in
the filter. For example a check for the session timing out has to take
place on all pages except for (index.jsp/login/logout/appinuse). I'm
doing this check in the filter by checking for the session being null,
but it created complications of when to force a new one, which is needed
for the 'invalidate' check.
I'd love some help with the ugly logic I have (which I'll post at end of
this doc). I know it can be cleaned up, but you know how it is when your
trying a million different if/else things and your brain is frazzled:)
2) I noticed a lot of odd behavior when the server was shut down and the
pages were still up. For example, if the user was left on a page that
displayed a "log off" link and the server was restarted, when they then
clicked on log off (which calls session invalidate) it would decrement
the sessionCounter to -1. I'm not sure how sessionDestroyed could get
called before sessionCreated, but I guess it can? My hack here was to do
a check for sessionCount being less than 0 and if so reset it to 0.
3) Using <[EMAIL PROTECTED] session="false" %> didn't seem to call the
sessionDestroyed method, which I really need to have happen when they
hit the logoff and appinuse.jsp. I went back to using <%
session.invalidate(); %> (I haven't looked at the docs on
session="false" for JSPs does that just make sure a new Session isn't
created?)
OK here is the filter that I'd love some clean up on. There must be a
way to make this less ugly...you can try this link to see the full version:
http://rafb.net/paste/results/6APQEc67.html
or the relevant code is below but I'm sure it'll wrap ugly...
if ( pathNeedsCheckForSession(path) ) {
log.debug("pathNeedsCheckForSession = true");
if (session == null) {
log.debug("The session no longer exists, we are
creating new one and redirecting to index.jsp");
//create a new Session which will allow it to be tested
for too many
session = request.getSession(true);
response.sendRedirect(contextPath+"/index.jsp");
return;
}
} else if (session == null ) {
//we are going to login/logout/or index page and no sesion
exists so we should create new one
session = request.getSession(true);
}
if ( path.indexOf("/appinuse.jsp") == -1 &&
path.indexOf("/logout.jsp") == -1 ) {
log.debug("path not appinuser or logout.jsp so testing for
if too many users");
//if it's not the appinuse page or logout page, we need to
see if the app is in use
if ( session.getAttribute(Constants.INVALIDATE) != null ) {
log.debug("The application is in use");
response.sendRedirect(contextPath+"/appinuse.jsp");
//make sure on appinuse page to also invalidate the
session!
return;
}
}
Thanks!
--
Rick
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
