Question

I know this question was asked a lot, but I didn't find anything that could help me.

I'm using Java, JSF, EJB, JPA, GlassFish, MySQL.

I developed web sites with authentication using these technologies, but only from one location (one session at a time), and if another user logged in from another location (s)he could see the state of the first user's session.

Now I need to develop a multiuser web application with a common home page and a few common features, but the rest needs to be user dependent, with multi-threaded access to the web application and to the database.

I need to:

  • limit the users' capabilities to start a session from only one location, one computer
  • have them register on the site for a limited period of time (the profile should be active for 1 year, let's say)
  • give them timeouts after 1 hour, and so on...

Please help me understand what I have to do! I don't know how and where to start. I read a lot of articles about this, but it was just bits and pieces and I don't have a full picture about this.

Thank you for your time, happy coding and keep up the excellent work you're doing here!


Solution

> if another user logged in from another location (s)he could see the state of the first user's session.

This is not right. This application was badly designed from the beginning on. This can happen when you're storing request and/or session-scoped data in a static variable or in the application scope. This is not right. Request scoped data should be stored in a non-static variable in a request scoped bean. Session scoped data should be stored in a non-static variable in a session scoped bean.

In other words, stop using static variables until you really understand what that means, and don't store the data in too wide a scope.
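The cross-user leak described in the answer, shown as an added example (not code from the question or the answer). The class names, session ids and user names are constructed, and a plain map stands in for the container's per-session bean store so the example runs with only the JDK.

```java
import java.util.HashMap;
import java.util.Map;

public class SessionScopeDemo {

    // BROKEN: a static field exists once per class, so every session's
    // bean instance reads and writes the same value.
    static class LeakyUserBean {
        private static String currentUser;
        void login(String name) { currentUser = name; }
        String whoAmI() { return currentUser; }
    }

    // FIXED: instance field. In a real JSF application this class would be
    // a session scoped bean (and Serializable), so the container creates
    // one instance per HTTP session.
    static class UserBean {
        private String currentUser;
        void login(String name) { this.currentUser = name; }
        String whoAmI() { return currentUser; }
    }

    public static void main(String[] args) {
        // Stand-in for the container's session store: session id -> bean.
        Map<String, LeakyUserBean> leaky = new HashMap<>();
        Map<String, UserBean> fixed = new HashMap<>();
        for (String sid : new String[] {"session-A", "session-B"}) {
            leaky.put(sid, new LeakyUserBean());
            fixed.put(sid, new UserBean());
        }

        // Two users log in from two different sessions.
        leaky.get("session-A").login("alice");
        leaky.get("session-B").login("bob");
        fixed.get("session-A").login("alice");
        fixed.get("session-B").login("bob");

        // The leaky bean hands session-A the identity written by session-B;
        // the fixed bean keeps each session's state separate.
        System.out.println("leaky session-A sees: " + leaky.get("session-A").whoAmI());
        System.out.println("fixed session-A sees: " + fixed.get("session-A").whoAmI());
    }
}
```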


Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow