Home / freesexchatmoblie / Invalidating the session in jsp

Invalidating the session in jsp

Hi all, I'm facing problem while with invalidating session. I've a code through which I can invalidated the session that I'd created, by pressing logout link provided.

Actually I want to redirect a user to the login page if the session is invalid either he presses back button or enters a url. The code for session invalidation is as under : Http Session ses = Session(); ses.invalidate(); after calling this servlet code my session gets ended and m redirected to login page.

The workaround we used was to apply a filter to all incoming requests that check to see if they are the currently active session.

If not, they invalidate the session and redirect the user to a login page.

Scenario is like that I want to login with one application through one userid and password. I need to invalidate the other session to login again right now from now machine. My query is that can i invalidate that other machine session by using this databse sessionid value.

Thanks in advance, zeet If you store a map of userid to sessionid in the database then you could potentially read it from another machine (each time a user accesses your site) and invalidate the session the next time the user accesses the site.

but how do you think that above this code will work , if two persons were logged from two seperate Machines ??

The way that it would work is that you have to have some sort of way to store the "current valid session ID". This is by no means a complete solution but just a good starting point.

invalidating the session in jsp-31invalidating the session in jsp-90

Is what this does is generates a unique number and puts it in a hidden field on you page if your using a struts form.

Then when a user logs in with the same credentials we prompt the user to allow them to either abandon their login or continue and invalidate the old session.

(This is the requirement we were implementing a solution for.) Regardless of what machines they log in from, the container will generate the unique session, and thus a unique ID for the connection.

You have to somehow store what the current valid ID will be.

For us, when the user logs in if no active session exists then that session becomes the valid ID.

183 comments

Leave a Reply

Your email address will not be published. Required fields are marked *

*