6 Replies Latest reply on May 30, 2006 9:08 AM by chris griffith

    Problem in persisting session data

    Ashish Arya Newbie

      Hi Everone,

      I have a problem regarding persisting user's data in session.
      In my application, I need to maintain the application flow as well as user's data in session even after the session expired.

      I am using my customized LoginModule (and added its entry in login-config.xml), so that if the session expires the JBoss will take the user to the Login screen. On successful login the user will be forward to the next page in flow, so that the application flow is maintained. Also on this page, my request persist, but the user's data which was in session doesn't because session has expired.

      Now in order to persist the user's data, I am thinking of writing an HttpSessionListener, so that before session expires, I should be able to save the user's data (may be in a map in Application context). but with what key?
      After the user again login, how should I read the user data from application map and put it in user's new session, so that for user it seems as if my request as well as session persist.

      Any pointer would be helpful.
      Thanks in advance.

      regards,

      Ashish

        • 1. Re: Problem in persisting session data
          jaikiran pai Master

          If you have a mechanism of somehow maintaining the session data in your application context when the session is destroyed, then i dont see a issue in restoring the same. The HttpSessionListener also has a method sessionCreated. This method will be called when the session is created. So you can write your logic of restoring the data in this method.
          Something like:

          public void sessionCreated(HttpSessionEvent httpSessionEvent ) {
           Application appContext = SomeService.getApplicationContext();
           Map savedSessionData = appContext.getSavedSessionData();
          
           //get hold of the session
           HttpSession session = httpSessionEvent .getSession();
          
           //now that you have got hold of the session, put into the session the data present in the savedSessionData map
           ......
          }




          • 2. Re: Problem in persisting session data
            chris griffith Expert

            Dear gang,

            I do not think the issue is how to save the session data, I think the issue is under what unique identifier the data should be stored. If a session ID is used to store the data, that ID is only valid for that session. So when a new session is created the old ID is lost and as such can not be used to find the old session data.

            You could use the user principal, but that only may not be good enough. It is possible for a user to have more than one active session. You could have a stack type data structure for each user. So as a session expires or is invalidated, the session is pushed onto a stack for that user. When a new session is created, the session on stack is poped off and used to populate the new session.

            Would this be helpful, cgriffith

            • 3. Re: Problem in persisting session data
              Ashish Arya Newbie

              Now the problem is become more complicated.

              Suppose the user is on Page A and clicking on some link here should take him to Page B. But since the session has expired, the server will first take the user to the login screen (I am using JBoss/JAAS for authentication). The login screen appears because JBoss put some object in the session to authenticate the user every time and since the session expires, the server assumes that you are a new user. After entering correct information on the login screen the user will navigate to the Page B. But on this page, except ur request parameters, nothing is available to u. Neither the request attributes nor objects that were in the old session. Also we don't have any handle or proper key to store these objects somewhere and put them back in Request/Session.
              The interesting point is that although the request parameters persist, the request object itself changes and also the URL in the browser shows the URL of login screen after the session expires.

              In simple words, my requirement is to maintain the application flow and the user's data both in request and session even after the session expires, so that from user point of view it seems as if the session expires, I have to go through a login screen and the things will again working as usual.

              Any help or pointer would be great.

              Thanks in advance.

              regards,

              Ashish

              • 4. Re: Problem in persisting session data
                chris griffith Expert

                Ashish,

                The flow should occur like this...


                1 User A is on page 1

                2 User A's session expires

                3 Your session listener is invoked and does some majic to save the session stored objects

                4 User A requests page 2.

                5 The container determines user A's is not authenticated/authorized (becuase no Principal stored in session), stores the request (and all it's contents) in new session, and forwards user to login page

                6 User authentciates/authorizes, a new session is created by container, user is forward to original request page 2.

                7 your session listener was invoked as part of step 6, which majically restores session stored object.

                If this is not what is happening, please explain where it is going wrong. And more importantly, how did you implement the majic?

                cgriffith


                • 5. Re: Problem in persisting session data
                  Ashish Arya Newbie

                  Hi Cgriffith,

                  Thanks alot for your reply. Please find my reply inline, MARKED AS RED.

                  The flow should occur like this...

                  1 User A is on page 1

                  2 User A's session expires

                  3 Your session listener is invoked and does some majic to save the session stored objects.

                  This is where the problem arises. We don't have any unique key here to store session object. If I keep the userId as key, thats not right as the same user can have multiple browsers open. Also I thought to keep Request object as the key, but unfortunately that also won't work, as the complete request object is changed. A new request is created (although the old parameters are kept but not the attributes or other information). Thus there is no unique key to store the session object. Also, if assume that somehow we manage to store the session object, what abt the request attributes. There is no way to determine those attributes. Page2 may expect lots of attributes in request and session to paint the page.


                  4 User A requests page 2.

                  5 The container determines user A's is not authenticated/authorized (becuase no Principal stored in session), stores the request (and all it's contents) in new session, and forwards user to login page

                  Small correction, It stores only requets parameters not all its contents.


                  6 User authentciates/authorizes, a new session is created by container, user is forward to original request page 2.

                  7 your session listener was invoked as part of step 6, which majically restores session stored object.

                  Again the same problem of key


                  If this is not what is happening, please explain where it is going wrong. And more importantly, how did you implement the majic?


                  Hope, u have now understood my problem. Now I got the impression that this is something not possible and logical too. If u really want to implement this scenario where the application flow should be maintained even after Session time out, u should not keep any required information in Session or request attributes. otherwise it doesn't seems to be possible to again store all session/request attributes and put them into new session/request.

                  Please correct me, if u feel I am wrong.

                  regards,

                  Ashish

                  • 6. Re: Problem in persisting session data
                    chris griffith Expert

                    Ashish,

                    Your comments are presicely what I have been saying all along. Hence my statement...

                    I do not think the issue is how to save the session data, I think the issue is under what unique identifier the data should be stored.


                    cgriffith