Re: Servlet Session Management Question
As promised, I am sharing the solution we have come up with... Hope
it can help someone else trying to something similar, some day.
Best Regards - Todd
==================================================================================================
We decided to use the SessionListener as identified in another thread
I was reading.
When a user goes to an application from the Portal, that application
adds a key, passed by the Portal and the session to an active session
list. When the Portal sends the logout-POST to the application,
passing the the same key and some other useful data, the application
looks up the session in the active session list removes it and
invalidates the session.
Below are some classes/code we use. The code is not finished yet, but
is working as a prototype.
/**
* This class manages the pool of the websessionid's and their
corresponding sessions.
* This is used to have a handle on the session when the applications
logout gets called.
* The logout class gets the websession id from the request and uses
this
* collection to get the corresponding session. This parameter is then
used to invalidate that session.
* It is implemented as singleton and maintains a pool of session
objects.
*/
public final class SessionManager {
private static SessionManager instance = null;
/**
* Hashmap - for finding a session object (value) when the
websessionid (key) is known.
*/
private HashMap sessionPool=new HashMap();
/**
* Ensure singleton usage. Is called from getInstance(). Adds the
configured
* minimum number of connections to the pool.
* @see #getInstance()
*/
private SessionManager(){
if (ApplicationSettings.isInDebugMode()){
System.out.println(LogWriter.getFormattedTimeStamp()+"
SessionManager() initializing pool");
}
}
/**
* @return the SessionManager singleton instance
*/
public static synchronized SessionManager getInstance(){
if(instance == null) {
instance = new SessionManager();
}
return instance;
}
/**
* This method will try to return a session object from the pool.
If this is not possible
* within a certain time, it throws an exception.
* @param webSessionId the websessionid of the session.
* @return an HttpSession.
* @throws Exception if the timout is reached
*/
public HttpSession getSession(String webSessionId){
return (HttpSession)sessionPool.get(webSessionId);
}
/**
* This method will add a session object to the pool with the
corresponding websessionid.
* @param webSessionId the websessionid of the session.
* @param session the sessionobject corresponding to the
websessionid.
* @throws Exception if the timout is reached
*/
public void addSession(String webSessionId, HttpSession session)
{
sessionPool.put(webSessionId,session);
}
}
/////////////////////////////// from the login
code ////////////////////////////////////////
//first time login - add the session to the pool
String webSessionId = getPortalSessionIDFromSession(request);
SessionManager sessionManager =
SessionManager.getInstance();
if(webSessionId != null){
sessionManager.addSession(webSessionId,session);
if (ApplicationSettings.isInDebugMode()){
System.out.println(LogWriter.getFormattedTimeStamp()+"
Application's Session for webSessionId " + webSessionId +" added to
the pool. - SessionId: "+session.getId());
}
/////////////////////////////// from the logout
code ////////////////////////////////////////
//invalidate the session corresponding to the
da_web_session_id
String webSessionId =
(String)request.getParameter(PORTAL_WEB_SESSION_ID);
SessionManager sessionManager = SessionManager.getInstance();
if (webSessionId!=null) {
HttpSession session=sessionManager.getSession(webSessionId);
if (session!=null) {
String SessionId=session.getId();
session.invalidate();
if (ApplicationSettings.isInDebugMode()){
System.out.println(LogWriter.getFormattedTimeStamp()+" Application's
Session for webSessionId " + webSessionId +" invalidated. - SessionId:
"+SessionId);
}
} else {
if (ApplicationSettings.isInDebugMode()){
System.out.println(LogWriter.getFormattedTimeStamp()
+" Application's Session for webSessionId " + webSessionId +" is
null");
}
}
} else {
if (ApplicationSettings.isInDebugMode()){
System.out.println(LogWriter.getFormattedTimeStamp()+"
webSessionId is null");
}
}