Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] HttpSession object lifetime

Hello all,

This might be a generic servlet question but since Jetty (10.0.2, embedded mode) implements otherwise unspecified behavior I would like to ask this here anyway.

I am trying to setup a scheme where user can be limited to no more than one logged in session at the same time. Any existing session for a particular user that logs in should be invalidated making the last session the only valid one. Somehow I need to manage a mapping from user name to some session referencing information that represents currently active sessions and allows me to invalidate a session. I did a quick-and-naive implementation using a WeakValueMap that maps the user name to a weak reference to a HttpSession object. Unfortunately, that showed very erratic behavior (existing session where not in the map) that I at first could not explain. I decided to try what happened when I use the HttpSession objects themselves as mapped values. That worked. I suspect that the HttpSession objects could be more temporary than I thought that validity of a HttpSession object is only guaranteed during the lifetime of the HttpServletRequest object that it was obtained from. That makes perfect sense and explains what I observed.

But now my question is: how can I achieve my goal? I can map user names to session IDs but have no way of accessing the related sessions, other than using the ID to make up some request that is handled by invalidating the then accessible session. This seems rather clumsy and I am hoping there is a better way to do this.

Any suggestions would be welcome.

Thanks,

Silvio


Back to the top