java - My different sessions are being duplicated with the same last activity and session id, why?
I'm using Spring Security. When I log in from different browsers with the same user (which is set so that it is possible to have multiple sessions), the data passed from the controller (where I get the SessionInformation for every principal) to the view is being duplicated instead of creating a new session id, and the last activity is the same for the different browser sessions as well.
This is the part of spring-security.xml where the sessionRegistry is configured, and stuff.
    <form-login login-page="/login" default-target-url="/welcome"
                always-use-default-target="true"
                authentication-failure-url="/loginfailed"/>
    <logout logout-success-url="/logout" />
    <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyfilter" />
    <custom-filter after="FORM_LOGIN_FILTER" ref="myauthfilter" />
    <session-management session-authentication-strategy-ref="sas"/>
    </http>

    <authentication-manager alias="authenticationmanager">
        <authentication-provider ref="ldapauthprovider">
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="concurrencyfilter"
                class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionregistry" />
    </beans:bean>

    <beans:bean id="myauthfilter"
                class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="sessionAuthenticationStrategy" ref="sas" />
        <beans:property name="authenticationManager" ref="authenticationmanager" />
    </beans:bean>

    <beans:bean id="sas"
                class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry" ref="sessionregistry" />
        <beans:property name="maximumSessions" value="-1" />
    </beans:bean>

    <beans:bean id="sessionregistry"
                class="org.springframework.security.core.session.SessionRegistryImpl" />
This is the controller where the sessionRegistry is being consumed:
    @RequestMapping(value = "/activeusers", method = RequestMethod.GET)
    public String manageActiveUsers(ModelMap model, Principal principal) {
        String name = principal.getName();
        model.addAttribute("username", name);

        List<LoginUserInfo> userSessionData = new ArrayList<LoginUserInfo>();
        List<Object> principals = sessionRegistry.getAllPrincipals();

        // TODO: find a better way to get the remote IP address according to each client call
        String remoteAddress = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                .getRequest().getLocalAddr();

        for (Object object : principals) {
            LoginUserInfo userInfo = new LoginUserInfo();
            LdapUserDetailsImpl user = (LdapUserDetailsImpl) object;
            List<SessionInformation> sessions = sessionRegistry.getAllSessions(user, false);
            String username = user.getUsername();
            for (SessionInformation session : sessions) {
                Date lastRequest = session.getLastRequest();
                String sessionId = session.getSessionId();
                userInfo.setUsername(username);
                userInfo.setIp(remoteAddress);
                userInfo.setLastActivity(lastRequest.getTime());
                userInfo.setSessionId(sessionId);
                userSessionData.add(userInfo);
            }
        }

        model.addAttribute("usersessiondata", userSessionData);
        return "activeusers";
    }
And I send "usersessiondata" to the JSP view like this.
    <c:forEach var="userdetail" items="${usersessiondata}">
        <tr>
            <td><c:out value="${userdetail.ip}"/></td>
            <td><c:out value="${userdetail.username}"/></td>
            <td><c:out value="${userdetail.lastActivity}"/></td>
            <td><c:out value="${userdetail.sessionId}"/></td>
        </tr>
    </c:forEach>
As I said, the user-related data is being duplicated (sessionId and lastActivity) even though I log in from another browser. When I make requests from one browser, lastActivity gets refreshed in all sessions at the same time.
Another thing: when I log out from the different browsers, the session should be terminated. But when I check the session list, it is still there. Why is this happening too?
This is not a problem with sessions, it's a problem with your for loops.
You create one LoginUserInfo per user, and that object is reused for each session. As a result, you see only the data of the last session. Create the LoginUserInfo in the inner loop instead.
    for (Object object : principals) {
        LdapUserDetailsImpl user = (LdapUserDetailsImpl) object;
        List<SessionInformation> sessions = sessionRegistry.getAllSessions(user, false);
        String username = user.getUsername();
        for (SessionInformation session : sessions) {
            // A new LoginUserInfo for every session, so no row overwrites another
            LoginUserInfo userInfo = new LoginUserInfo();
            Date lastRequest = session.getLastRequest();
            String sessionId = session.getSessionId();
            userInfo.setUsername(username);
            userInfo.setIp(remoteAddress);
            userInfo.setLastActivity(lastRequest.getTime());
            userInfo.setSessionId(sessionId);
            userSessionData.add(userInfo);
        }
    }
This should give you the expected results.
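
The aliasing described in the answer, reproduced without Spring as an added example (not code from the original post). `Row` and the map-based registry are hypothetical stand-ins for `LoginUserInfo` and `SessionRegistry`, and the session ids and timestamps are constructed sample data.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class SessionRowAliasingDemo {
    // Hypothetical stand-in for the question's LoginUserInfo view bean.
    static class Row {
        String username;
        String sessionId;
        long lastActivity;
    }

    // Constructed sample data: principal -> {sessionId, lastRequestMillis} pairs,
    // standing in for SessionRegistry.getAllSessions(principal, false).
    static Map<String, String[][]> sampleRegistry() {
        Map<String, String[][]> registry = new LinkedHashMap<>();
        registry.put("alice", new String[][] {{"SESSION-A", "1000"}, {"SESSION-B", "2000"}});
        return registry;
    }

    // perSession == false reproduces the question's loop: one Row per principal,
    // mutated for every session, so the list holds several references to it.
    static List<Row> buildRows(Map<String, String[][]> registry, boolean perSession) {
        List<Row> rows = new ArrayList<>();
        for (Map.Entry<String, String[][]> entry : registry.entrySet()) {
            Row row = new Row();
            for (String[] session : entry.getValue()) {
                if (perSession) {
                    row = new Row(); // the fix: a fresh object for each session
                }
                row.username = entry.getKey();
                row.sessionId = session[0];
                row.lastActivity = Long.parseLong(session[1]);
                rows.add(row);
            }
        }
        return rows;
    }

    public static void main(String[] args) {
        for (boolean perSession : new boolean[] {false, true}) {
            List<Row> rows = buildRows(sampleRegistry(), perSession);
            System.out.println(perSession ? "fixed:" : "buggy:");
            for (Row r : rows) {
                System.out.println("  " + r.username + " " + r.sessionId + " " + r.lastActivity);
            }
            // Reference comparison: shows whether both list entries are one object.
            System.out.println("  same object? " + (rows.get(0) == rows.get(1)));
        }
    }
}
```

On an active-sessions admin page this matters beyond cosmetics: with the shared object, every row for a user shows the last session's id, so the other concurrent sessions cannot be told apart or singled out from that view.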