struts-user mailing list archives

From Dan <>
Subject Re: Manage Sessions in Struts
Date Mon, 01 Dec 2008 12:43:17 GMT
Paweł Wielgus wrote:
> Hi all,
> by saying non web based I meant swing or swt.
> As for Spring WebFlow, Paul could You elaborate more about it, I was
> almost sure that it's impossible. Let's take my standard behavior, I
> open my page with default tab, then I click middle button (wheel) on a
> link and get a content in new tab, then I continue to work on new tab.
> If I got it right it should not be possible to do it?
> Best greetings,
> Paweł Wielgus.
> 2008/12/1 Paul Benedict <>:
>> Oh, my apologies. I thought the discussion revolved around preventing
>> the same person from having multiple sessions.
>> If you want to just prevent multiple views, you need to integrate
>> Spring WebFlow.
>> Paul
>> On Sun, Nov 30, 2008 at 4:45 PM, Dave Newton <> wrote:
>>> --- On Sun, 11/30/08, Paul Benedict wrote:
>>>> I've seen this kind of solution before. When a user logs
>>>> in, you need to write them into a database -- either in
>>>> memory or disk -- and then do not allow the same user to
>>>> log in again until the previous session expires. You want
>>>> to use a session listener for this to detect expired sessions.
>>> I'm not sure that solves the problem of multiple session "views" in browsers
>>> that make new tabs/windows as non-new connections/sessions, though--I think those have to
>>> be handled with a sort of token mechanism.
>>> Dave
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
>>> For additional commands, e-mail:
In fact there is another point, using databases for storing sessions, if 
a user closes his tab or browser without "clicking" the correct link in 
the webapp which invalidates the session, this session would be still 
active in DB. Then a business logic between the servlet and the DB 
should be implemented...but how to control it? It is a catch 22 : /

A bad situation for multiple tabs: Imagine a webapp for tests. A user 
could open multiple tabs logging in correctly with the session id and make 
multiple tests when only 1 test per user should be permitted, this 
implies multiple access to DB and a security hole for the webapp.

So if there is no clear or unknown implementation to solve this kind of 
problem, something in a higher level should be done to take control 
of tabs, shouldn't it?

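The session-listener approach mentioned in the quoted thread, sketched as an added example that is not code from any poster or from Struts: a registry that allows one live session per user and releases the entry when the container expires the session, which also covers a tab or browser closed without logging out. The class name, the `example.userId` attribute and the 15-minute timeout are assumptions; tabs that share one session cookie are not distinguished here and still need the token mechanism Dave Newton refers to.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example (hypothetical class). Register it in web.xml:
 * <listener><listener-class>ActiveUserRegistry</listener-class></listener>
 */
public class ActiveUserRegistry implements HttpSessionListener {
    // Hypothetical session attribute holding the logged-in user id.
    public static final String USER_ATTR = "example.userId";

    // userId -> id of the single session allowed for that user.
    private static final ConcurrentMap<String, String> ACTIVE =
            new ConcurrentHashMap<String, String>();

    /** Call from the login action after the credentials were verified. */
    public static boolean tryLogin(HttpSession session, String userId) {
        // putIfAbsent is atomic, so two simultaneous logins cannot both win.
        String owner = ACTIVE.putIfAbsent(userId, session.getId());
        if (owner != null && !owner.equals(session.getId())) {
            return false; // another live session already holds this user
        }
        session.setAttribute(USER_ATTR, userId);
        // Assumed value: an idle session (closed tab/browser) expires after 15 min.
        session.setMaxInactiveInterval(15 * 60);
        return true;
    }

    public void sessionCreated(HttpSessionEvent event) {
        // Nothing to record until the user authenticates.
    }

    /**
     * Runs for explicit logout (invalidate()) and for container timeout alike.
     * Servlet 2.4+ calls this before invalidation, so attributes are readable.
     */
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        String userId = (String) session.getAttribute(USER_ATTR);
        if (userId != null) {
            // Remove only if this session still owns the entry.
            ACTIVE.remove(userId, session.getId());
        }
    }
}
```

The static map is per JVM, so a clustered deployment would need a shared store with the same atomic insert and the same release on session destruction.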