KIlling a session by using session ID
I am usingapache tomcat 5.0.28 I want to know that if it is possible that I could destroy a session forcefully whose sessionID() is stored in my database which stores when he logs in in my application just by running a JSP script
I know Httpsessionlistner but they react only on create and destroy which i can use to calculate users number sign in or off....but how can i later distroy that session if i know its session ID....
help me pls....:-|
[473 byte] By [
hunterzza] at [2007-11-27 4:34:02]
# 1
is there any problem in this question?
# 2
You can use HttpSessionListener to maintain a static map. On every create, add the session along it's sessionID to the map. On every destroy, remove the session from the map based on the sessionid.
# 3
Well,as said by my fellow Poster HttpSessionListener is the only solution
which he or to me or as to any1 else can think of at this point of time.
NOTE: You have to use a ServletContainer which implements Servlet 2.3 specification
and to my random memory Apache Tomcat 5.0.28 supports Servlet 2.3 & JSP 1.2 specifications.
and here is the way how you can implement it.
SessionListener.java:
=================
package com.listeners;
import java.util.Map;
import java.util.HashMap;
import java.util.Collections
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionListener;
import javax.servlet.http.HttpSessionEvent;
public class SessionListener implements HttpSessionListener{
/*Usage of a Static Collection Object is what the other Poster is talking about*/
private static Map<String,Session> sessionMX = new HashMap<String,Session>();
/*Synchronizing the Map when an instance of Listener is created by web container*/
public SessionListener(){
sessionMX = Collections.synchronizedMap(sessionMX);
}
/*Called @time when a new session is created */
public void sessionCreated(HttpSessionEvent se){
HttpSession session = se.getSession();
sessionMX.put(session.getId(),session);
}
/*Called @time when an existing session is being destroyed */
public void sessionDestroyed(HttpSessionEvent se){
HttpSession session = se.getSession();
sessionMX.remove(se.getId());
}
/* Utility Methods */
/**
* Returns number os active sessions
*
**/
public static int getNoActiveSessions(){
return sessionMX.size();
}
/**
* Returns a Set of Active SessionIds
*
**/
public static Set<String> getActiveSessionids(){
return sessionMX.keySet();
}
/**
* Returns whether there is any Active Session or not
*
**/
public static boolean isActive(String sessionId){
return sessionMX.containsKey(sessionId);
}
/**
* Returns associated session for specified sessionID
* if not found returns 'null'
*
**/
public static HttpSession getAssociatedSession(String sessionId){
HttpSession session = null;
if(isActive(sessionId))
session = sessionMX.get(sessionId);
returns session;
}
/**
* Invalidates the specified session with consequent sessionID
* returns true if succeful else returns false
*
**/
public static boolean force2Invalidate(String sessionId){
boolean flag = false;
if(isActive(sessionId)){
sessionMX.get(sessionId).invalidate();
flag = true;
}
returns flag;
}
}
and the configure your web.xml (your web appln deployment descriptor)
web.xml:
=======
<?xml version="1.0"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
-
-
-
-
<listener>
<listener-class>com.listeners.SessionListener</listener-class>
</listener>
-
-
-
-
</web-app>
implement.jsp:
============
<%@ page language="java" import="com.listeners.SessionListener"%>
--
--
--
<%
--
--
--
boolean flag = SessionListener.force2Invalidate(session.getId());
--
--
--
%>
--
--
--
Is session invalidated : <%=flag%>
Hope that gives you some idea :)
and a small advice
It would be gr8 if you can go through below links which can help you more on these
http://edocs.bea.com/wls/docs70/webapp/app_events.html#175768
and do refer Servlet 2.3 specs
http://jcp.org/aboutJava/communityprocess/first/jsr053/index.html
REGARDS,
RaHuL
# 4
You have to store all of the sessions for yourself somewhere.
As the others have mentioned normally that means maintaining a Map of sessions somewhere in memory.
You could do it in a static variable, a singleton, or an application scoped variable (I prefer the latter I think)
An alternative to the HttpSessionListener, is to implement HttpSessionBindingListener on an object.
That event fires on an object whenever it is bound into/out of session.
Also just correcting the previous poster. Tomcat 5 supports Servlet2.4, JSP2.0, as stated [url http://tomcat.apache.org/whichversion.html] here[/url]
Cheers,
evnafets
# 5
>to my random memory Apache Tomcat 5.0.28 supports Servlet 2.3 & JSP 1.2 specifications.
i did not say exclusively supports only Servlet 2.3 & JSP 1.2 specs & more importantly i was not so sure about it.
and here is what the link given by you shows
Servlet/JSP SpecApache Tomcat version
=================================
2.5/2.1 6.0.x
2.4/2.0 5.5.x
2.3/1.2 4.1.x
2.2/1.1 3.3.x
where 5.5.X != 5.0.28 :)
REF: http://tomcat.apache.org/whichversion.html
Hope that does make some sense :)
however, i do accept with your point by refering to
http://tomcat.apache.org/tomcat-5.0-doc/RELEASE-NOTES.txt
and i should be really thankful to you for letting us know about the implementations & versioning which sounds bit complex sometimes.
Hope you have a gr8 day :)
REGARDS,
RaHuL
# 6
I am really happy with your suggestion Rahul........Thanks for your Help...
but I am getting error in compiling yourr code ..pls can you help me in that..
C:\>javac SessionListener.java
SessionListener.java:13: <identifier> expected
private static Map<String,Session> sessionMX = new HashMap<String,Session>();
^
SessionListener.java:64: <identifier> expected
public static Set<String> getActiveSessionids(){
^
SessionListener.java:121: ';' expected
}
^
3 errors
# 7
SessionListener.java:
=================
/*
* SessionListener.java
*/
package com.listeners;
import java.util.Map;
import java.util.HashMap;
import java.util.Collections;
import java.util.Set;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionListener;
import javax.servlet.http.HttpSessionEvent;
/**
* @Author Rahul
*/
public class SessionListener implements HttpSessionListener{
/*Usage of a Static Collection Object is what the other Poster is talking about*/
private static Map<String,HttpSession> sessionMX = new HashMap<String,HttpSession>();
/*Called @time when a new session is created */
public void sessionCreated(HttpSessionEvent se){
HttpSession session = se.getSession();
sessionMX.put(session.getId(),session);
}
/*Called @time when an existing session is being destroyed */
public void sessionDestroyed(HttpSessionEvent se){
HttpSession session = se.getSession();
sessionMX.remove(session.getId());
}
/* Utility Methods */
/**
* Returns number os active sessions
*
**/
public static int getNoActiveSessions(){
return sessionMX.size();
}
/**
* Returns a Set of Active SessionIds
*
**/
public static Set<String> getActiveSessionids(){
return sessionMX.keySet();
}
/**
* Returns whether there is any Active Session or not
*
**/
public static boolean isActive(String sessionId){
return sessionMX.containsKey(sessionId);
}
/**
* Returns associated session for specified sessionID
* if not found returns 'null'
*
**/
public static HttpSession getAssociatedSession(String sessionId){
HttpSession session = null;
if(isActive(sessionId))
session = sessionMX.get(sessionId);
return session;
}
/**
* Invalidates the specified session with consequent sessionID
* returns true if succeful else returns false
*
**/
public static boolean force2Invalidate(String sessionId){
boolean flag = false;
if(isActive(sessionId)){
sessionMX.get(sessionId).invalidate();
flag = true;
}
return flag;
}
}
I'm so sorry i have just just posted my idea.Check the one posted above
Hope that might help :)
REGARDS,
RaHuL
# 8
still it is giving me this error ........why this is happening
C:\>javac SessionListener.java
SessionListener.java:17: <identifier> expected
private static Map<String,HttpSession> sessionMX = new HashMap<String,HttpSe
ssion>();
^
SessionListener.java:60: <identifier> expected
public static Set<String> getActiveSessionids(){
^
SessionListener.java:118: ';' expected
# 9
Come on, a small effort from your own side doesn't harm. Try to do a *few* more than only copypasting and then immediately complaining that it doesn't work without debugging or researching yourself.Well, remove the parameterized types or upgrade to at least Java 1.5.
# 10
debugged code for sessionlistener........
package com.listeners;
import java.util.Map;
import java.util.HashMap;
import java.util.Collections;
import java.util.Set;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionListener;
import javax.servlet.http.HttpSessionEvent;
/**
* @Author Rahul
*/
public class SessionListener implements HttpSessionListener{
/*Usage of a Static Collection Object is what the other Poster is talking about*/
private static Map sessionMX = new HashMap();
/*Called @time when a new session is created */
public void sessionCreated(HttpSessionEvent se){
HttpSession session = se.getSession();
sessionMX.put(session.getId(),session);
}
/*Called @time when an existing session is being destroyed */
public void sessionDestroyed(HttpSessionEvent se){
HttpSession session = se.getSession();
sessionMX.remove(session.getId());
}
/* Utility Methods */
/**
* Returns number os active sessions
*
**/
public static int getNoActiveSessions(){
return sessionMX.size();
}
/**
* Returns a Set of Active SessionIds
*
**/
public static Set getActiveSessionids(){
return sessionMX.keySet();
}
/**
* Returns whether there is any Active Session or not
*
**/
public static boolean isActive(String sessionId){
return sessionMX.containsKey(sessionId);
}
/**
* Returns associated session for specified sessionID
* if not found returns 'null'
*
**/
public static HttpSession getAssociatedSession(String sessionId){
HttpSession session = null;
if(isActive(sessionId))
session = (javax.servlet.http.HttpSession) sessionMX.get(sessionId);
return session;
}
/**
* Invalidates the specified session with consequent sessionID
* returns true if succeful else returns false
*
**/
public static boolean force2Invalidate(String sessionId){
boolean flag = false;
if(isActive(sessionId)){
javax.servlet.http.HttpSession session = (javax.servlet.http.HttpSession) sessionMX.get(sessionId);
session.invalidate();
flag = true;
}
return flag;
}
}
# 11
debugging is not a big deal but only thing is that it takes time i wanted the help because i thought i could save my time.....sharing knowledge is a good thing but never leave someone in between of his search ......information should be correct and accurate.......anyway thanks ...and sorry for my laziness i was just thinking to save time....:)
