User session management

asked 2013-01-24 08:50:38 +0800

Neus gravatar image Neus
1415 14

updated 2013-01-24 15:51:55 +0800

Hi, I need help with the management of users session. When user login the application it is saved at a session attribute: session.setAttribute("user",user); And it is also saved in an array of users to control all the users that are logged in our application. If a user in the array is trying to login we show a message saying that he is also connected from anywhere else.

When he is logged he has de posibility to log out using a button that it is enabled to do it. When he log out I invalidate the session, remove the user from the user array and redirect the page to the login. All that works ok.

The problem is that we want to close his session too when all his pages are closed. To do that we use a counter that is increased every time he opens a page (controlled with DesktopInit) and decreased when he closes a page (controlled with DesktopCleanup). In DesktopCleanup when this counter reaches 0 we invalidate the session and we remove the user from the array. Buuuut we have noticed that DesktopCleanup is not always called, specially with Chrome, Safari (webkit browsers). So sometimes the user is not removed from the array and it appears to us as connected. So when he tries login we notice that he is already connected and we don't allow to him to login again.

Does anyone of you use a similar session controller? How do you manage user session?

Please I need help.

Thank you

delete flag offensive retag edit

1 Answer

Sort by ยป oldest newest most voted

answered 2013-01-24 10:18:52 +0800

mhj gravatar image mhj flag of Brazil
806 1 7

hello Neus! i have the follow: on controllers:

public ComponentInfo doBeforeCompose(Page page, Component parent, ComponentInfo compInfo) {
    user = (User) Sessions.getCurrent().getAttribute("user");
    if (user== null) {
        return null;
    return super.doBeforeCompose(page, parent, compInfo);

and others configs is on web.xml

    Used to cleanup when a session is destroyed
    <display-name>ZK Session cleaner</display-name>

<session-config> <session-timeout>120</session-timeout> </session-config>

and zk.xml

     Uncomment it and set it to android, if you want to configure for
     an Android device.
     If omitted, ajax is assumed.
     Currently, only timeout-uri and automatic-timeout support per-device

    <!-- Comment it out if you prefer to show a message instead of redirecting
        Note: an empty URL can cause the browser to reload the same URL

    <!-- Uncomment it if you prefer to have a custom message.
        Notice that, to make it work, timeout-uri shall be removed.
        See http://books.zkoss.org/wiki/ZK_Configuration_Reference/zk.xml/The_session-config_Element

    <!-- Uncomment the following if you want to automatically redirect
        to the timeout page. By default, it is triggered by the user
        after timeout (such as clicking).
link publish delete flag offensive edit


My application doesn't have a timeout that's why I have to control the log out when all desktops are closed. Do you use DesktopCleanup in your application? If it is, does i towrk properly? Thank you!

Neus ( 2013-01-24 10:46:59 +0800 )edit

in my case, user is null when browser is closed and reopened, I believe that's the way most of the bundled applications

mhj ( 2013-01-24 10:55:32 +0800 )edit

I edited my question trying to explain my case better. BTW, when a user close all his pages, session is invalidated?And all its variables removed? Or what do you mean by saying that when browser is closes user is null?

Thank you mhj

Neus ( 2013-01-24 15:53:44 +0800 )edit
Your answer
Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!

[hide preview]

Question tools

1 follower



Asked: 2013-01-24 08:50:38 +0800

Seen: 90 times

Last updated: Jan 24 '13

Support Options
  • Email Support
  • Training
  • Consulting
  • Outsourcing
Learn More