
I know this question was asked a lot, but I didn't find anything that could help me.

I'm using Java, JSF, EJB, JPA, GlassFish, MySQL.

I developed web sites with authentication, using these technologies, but only from one location (one session at a time) and if another user logged in from another location (s)he could see the state of the first user's session.

Now I need to develop a multiuser web application with a common home page and a few common features, but the rest needs to be user dependent, with multi-thread access to the web application and to the database.

I need to:

  • limit the users' capabilities to start a session from only one location, one computer
  • have them register on the site for a limited period of time (the profile should be active for 1 year, let's say)
  • to give them timeouts after 1 hour and so on...

Please help me understand what I have to do! I don't know how and where to start. I read a lot of articles about this, but it was just bits and pieces and I don't have a full picture about this.

Thank you for your time, happy coding and keep up the excellent work you're doing here!

CyberGriZzly

1 Answer


> if another user logged in from another location (s)he could see the state of the first users session.

This is not right. This application was badly designed from the beginning on. This can happen when you're storing request and/or session-scoped data in a static variable or in the application scope. This is not right. Request scoped data should be stored in a non-static variable in a request scoped bean. Session scoped data should be stored in a non-static variable in a session scoped bean.

In other words, stop using static variables until you really understand what that means and don't store the data in a too wide scope.

See also:

BalusC
  • Thanks for the fast answer. So I should play with the scope of the beans? I knew I have to declare the right kind of scope, but is that enough? And with the database access? The JPA knows how to handle multi accesses? – CyberGriZzly Nov 06 '12 at 16:54
  • It's not exactly playing. Just use the right scope for the data. It just makes no sense to store request scoped data in the application scope. See also the "See also" link. As to JPA/EJB, as long as you don't use `static` for no reason and use them the idiomatic way, then it's fine as well. – BalusC Nov 06 '12 at 16:57
  • I know it is not playing. I just said it in a little funnier way. Thank you very much for your help. I just asked these questions to be sure, not to design and implement something that is wrong from the beginning and then have to do it all over again. Thank you! – CyberGriZzly Nov 06 '12 at 19:03
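
The session leak described in the answer, as an added example that is not part of the original thread or the asker's application. All class, field and session names are hypothetical, and the container's session scope is simulated with a map (one bean instance per session id) so the code runs without a server; in JSF the fixed bean would simply be a session scoped bean.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ScopeLeakDemo {

    // Broken (hypothetical): the field is static, so there is one value for
    // the whole JVM no matter how many bean instances the container creates.
    static class LeakyUserBean {
        private static String loggedInUser;
        void login(String user) { loggedInUser = user; }
        String currentUser() { return loggedInUser; }
    }

    // Fixed (hypothetical): a non-static field. With one bean instance per
    // session, each session only ever sees its own state.
    static class SessionUserBean {
        private String loggedInUser;
        void login(String user) { this.loggedInUser = user; }
        String currentUser() { return loggedInUser; }
    }

    // Stand-in for the container's session scope: one instance per session id.
    static final Map<String, LeakyUserBean> LEAKY = new ConcurrentHashMap<>();
    static final Map<String, SessionUserBean> SAFE = new ConcurrentHashMap<>();

    static LeakyUserBean leaky(String sessionId) {
        return LEAKY.computeIfAbsent(sessionId, id -> new LeakyUserBean());
    }

    static SessionUserBean safe(String sessionId) {
        return SAFE.computeIfAbsent(sessionId, id -> new SessionUserBean());
    }

    public static void main(String[] args) {
        // Constructed scenario: two users log in from two different sessions.
        leaky("session-A").login("alice");
        leaky("session-B").login("bob");
        safe("session-A").login("alice");
        safe("session-B").login("bob");

        // With the static field, session A now reports the user who logged
        // in from session B; with the instance field it keeps its own user.
        System.out.println("static field,   session-A sees: "
                + leaky("session-A").currentUser());
        System.out.println("instance field, session-A sees: "
                + safe("session-A").currentUser());
    }
}
```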