-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hi,
I need help with the management of users session.
When user login the application it is saved at a session attribute:
session.setAttribute("user",user)
; And it is also saved in an array of users to control all the users that are logged in our application. If a user in the array is trying to login we show a message saying that he is also connected from anywhere else.
When he is logged he has de posibility to log out using a button that it is enabled to do it. When he log out I invalidate the session, remove the user from the user array and redirect the page to the login. All that works ok.
The problem is that we want to close his session too when all his pages are closed. To do that we use a counter that is increased every time he opens a page (controlled with DesktopInit) and decreased when he closes a page (controlled with DesktopCleanup). In DesktopCleanup when this counter reaches 0 we invalidate the session and we remove the user from the array. Buuuut we have noticed that DesktopCleanup is not always called, specially with Chrome, Safari (webkit browsers). So sometimes the user is not removed from the array and it appears to us as connected. So when he tries login we notice that he is already connected and we don't allow to him to login again.
Does anyone of you use a similar session controller? How do you manage user session?
Please I need help.
Thank you
hello Neus! i have the follow: on controllers:
@Override
public ComponentInfo doBeforeCompose(Page page, Component parent, ComponentInfo compInfo) {
user = (User) Sessions.getCurrent().getAttribute("user");
if (user== null) {
Executions.sendRedirect("/login.zul");
return null;
}
return super.doBeforeCompose(page, parent, compInfo);
}
and others configs is on web.xml
<listener>
<description>
Used to cleanup when a session is destroyed
</description>
<display-name>ZK Session cleaner</display-name>
<listener-class>org.zkoss.zk.ui.http.HttpSessionListener</listener-class>
</listener>
<session-config> <session-timeout>120</session-timeout> </session-config>
and zk.xml
<session-config>
<!--
Uncomment it and set it to android, if you want to configure for
an Android device.
If omitted, ajax is assumed.
Currently, only timeout-uri and automatic-timeout support per-device
configuration.
<device-type>ajax</device-type>
-->
<!-- Comment it out if you prefer to show a message instead of redirecting
Note: an empty URL can cause the browser to reload the same URL
-->
<timeout-uri>/index.zul</timeout-uri>
<!-- Uncomment it if you prefer to have a custom message.
Notice that, to make it work, timeout-uri shall be removed.
See http://books.zkoss.org/wiki/ZK_Configuration_Reference/zk.xml/The_session-config_Element
<timeout-message></timeout-message>
-->
<!-- Uncomment the following if you want to automatically redirect
to the timeout page. By default, it is triggered by the user
after timeout (such as clicking).
<automatic-timeout/>
-->
</session-config>