JSP security-session management

D

dina

We are implementing a security module in one of our applications.
The application is a servlet app that works with Tomcat and Internet
Explorer 6.
We would like to implement the following security events:
1) Deny more than N (global parameter) connections to a user. For
example - if N=2, the user 'usr' will be able to login to the system
from two different sessions simultaneously.
2) From each PC, only one instance of the application will run. On one
PC, only one IE windows will be able connect, and not two or more
simultaneously.

All the user names and passwords are restored in an Oracle database.
We would like to achive the following:
When a user logs to the application the users's URL and session will be
saved in the database by updating the matching columns (ip and
sessionid). When a user logs out the ip and sessionid are deleted (set
null). If a user logs in and the URL and sessionid are not null, then
we will check if the seesionid is valid in WEB app.

How can we check on a known session if the session is valid or not?
Please add some code for examples.
Thanks,
Dina
 
A

alexnb

Hi Dina,

do i unterstand it correctly: in a JSP (or servlet) you want to check
if another (not the current(!)) session is valid.

What is "valid" for your application? If you just want to check if the
is session timeout for that session, there is an easy way: you register
a HttpSessionListener on every session (at creation time) that sets the
DB columns to null, when "void sessionDestroyed(HttpSessionEvent se)"
is called by the servlet engine. If you do that, you do not need to
check if a session is valid, because all invalid sessions will be
removed from the DB automatically - on timeout or logout.

hope that helps,
Alex
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,905
Latest member
Kristy_Poole

Latest Threads

Top