How to end a Session when the user goes to some other website

Discussions

Web tier: servlets, JSP, Web frameworks: How to end a Session when the user goes to some other website

  1. Hi there,

    Actually what i am trying to do is...as follows

    1. I have made a login page. the user enter the password and it is verified in database and then a session is created.
    2. Somepages in the website are only for viewing of registered users. So once the user logs in he gets access to those pages.

    Till here i have done it successfully.

    The main problem is..

    1. How to know when the user has gone to some othersite so that i can end the session for security reason. and later when he returns, i again as him to log in..

    I want to do this only.
    So if anyone knows the answer to my query..plz help me out.
    Plz give some code also,

    thank u in advance,
    With regards,

    Sukhvinder Singh


    P.S.- for logging out i have made session.invalidate
          but what if the user doesnt press the logout button. then comes the real problem. plz help
  2. in your main page check if a session already exists. if it does then invalidate that session. so if a validated user goes so some other site and comes back to ur login page then u can invalidate his existing session and create a new session thus treating him as a new user.

  3. You can do this easily , if you have your own Session Manager.

    Implement a Session Manager using Hashtable of Sessions
    Each session may be an object in a Hashtable.
    For example you may want to store the following information
    for each session.

    class SessionInfo
    {
      String sessionId;
      String timefirstLoggedIn;
      String lastAccessed; // Default value = login time
      booolean validSession;
    }

    Create a Session ( You may use cookies to remember session)
    and store in a Session Manager

    Create a thread is your session manager to monitor sessions.
    say if they were not accessed for 30 minutes purge the
    session.

    Keep your Session manager object in Servlet context,
    so that all Servlets can access the Session manager
    object.

    Code your Session manager access code in a base class
    ( ServletBase ) and extend all the Servlets from this base
    class.

    Hope this helps.

    Thanks.
  4. thanks a lot.. i will try to do this..