Actually what i am trying to do is...as follows
1. I have made a login page. the user enter the password and it is verified in database and then a session is created.
2. Somepages in the website are only for viewing of registered users. So once the user logs in he gets access to those pages.
Till here i have done it successfully.
The main problem is..
1. How to know when the user has gone to some othersite so that i can end the session for security reason. and later when he returns, i again as him to log in..
I want to do this only.
So if anyone knows the answer to my query..plz help me out.
Plz give some code also,
thank u in advance,
P.S.- for logging out i have made session.invalidate
but what if the user doesnt press the logout button. then comes the real problem. plz help
in your main page check if a session already exists. if it does then invalidate that session. so if a validated user goes so some other site and comes back to ur login page then u can invalidate his existing session and create a new session thus treating him as a new user.
You can do this easily , if you have your own Session Manager.
Implement a Session Manager using Hashtable of Sessions
Each session may be an object in a Hashtable.
For example you may want to store the following information
for each session.
String lastAccessed; // Default value = login time
and store in a Session Manager
Create a thread is your session manager to monitor sessions.
say if they were not accessed for 30 minutes purge the
Keep your Session manager object in Servlet context,
so that all Servlets can access the Session manager
Code your Session manager access code in a base class
( ServletBase ) and extend all the Servlets from this base
Hope this helps.
thanks a lot.. i will try to do this..