I have used Spring MVC and Hibernate in my web service project. I want to handle user login sessions and session timeout. These services (e.g. login) can be accessed through the web portal as well as from Android/iOS devices by the same customer. When one of these calls the logout service, it should only log out the current device and keep the other login sessions unchanged.
- What have you tried so far? – Ashish Ratan Nov 12 '15 at 10:52
- I have written some services for my project, like registration steps, login, logout etc. They are working fine with no errors. What I need is how to create a session and work with it. – samith kumarasingha Nov 12 '15 at 12:00
2 Answers
The short answer for this is to use Spring Security.
Spring Security is one of the excellent Java security frameworks out there. It will help you to manage the logged-in user sessions the way you want. Integrating Spring Security with Spring MVC is very easy, because you already have a Spring Beans configuration file. All you need is to make the Spring Security authentication-related changes to get it working.
I will not go in depth, rather recommend you to look into these tutorials:
- Spring Security Hello World Example
- Spring MVC Security Example using in-memory, UserDetailsService and JDBC Authentication
- Securing your REST API with Spring Security
I would strongly recommend you to look into this Stack Overflow thread.
To use HTTP sessions in Spring MVC, please follow the links below:
- Do you know how to use HTTP session in Spring and how to use it? – samith kumarasingha Nov 12 '15 at 17:48
- This reference is also useful: [link](http://stackoverflow.com/questions/13694239/how-to-track-login-attempts-using-httpsession-in-java) – samith kumarasingha Nov 13 '15 at 08:45
Since you want to log out the user only on the device from which logout is pressed, my idea is to use tokens and maintain them in a temporary database. For example, a user accessing your API via mobile will have some token generated, and via web some other token should be generated, and these are stored in the database like:

| USERID | TOKEN | MODE |
|---|---|---|
| 1 | abcde1233 | web |
| 2 | abcde7878 | mobile |

So now you can log out the user specific to a device. It's just an idea; I'm not sure how efficiently this might work for your problem.

- Thanks, it is useful. But I would like to do it with a Spring-related method, something like HttpSessions. – samith kumarasingha Nov 12 '15 at 16:58
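
The per-device token table suggested in the second answer, sketched as an added example (not code from the original posts). `DeviceTokenStore` and its method names are hypothetical, the in-memory map stands in for the temporary database, and the 30-minute idle timeout is an assumed value.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory stand-in for the USERID / TOKEN / MODE table.
public class DeviceTokenStore {
    private static final class Entry {
        final long userId; final String mode; volatile Instant expiresAt;
        Entry(long u, String m, Instant x) { userId = u; mode = m; expiresAt = x; }
    }
    private final Map<String, Entry> byToken = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final Duration idleTimeout;

    public DeviceTokenStore(Duration idleTimeout) { this.idleTimeout = idleTimeout; }

    // Login: each device gets its own unguessable 256-bit token.
    public String login(long userId, String mode) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byToken.put(token, new Entry(userId, mode, Instant.now().plus(idleTimeout)));
        return token;
    }

    // Per request: map token to user id, enforcing a sliding idle timeout.
    public Optional<Long> authenticate(String token) {
        Entry e = (token == null) ? null : byToken.get(token);
        if (e == null) return Optional.empty();
        if (Instant.now().isAfter(e.expiresAt)) {
            byToken.remove(token);           // expired: forget this device only
            return Optional.empty();
        }
        e.expiresAt = Instant.now().plus(idleTimeout);
        return Optional.of(e.userId);
    }

    // Logout: removes only the presented token; other devices stay logged in.
    public void logout(String token) { if (token != null) byToken.remove(token); }

    public static void main(String[] args) {   // constructed sample user and modes
        DeviceTokenStore store = new DeviceTokenStore(Duration.ofMinutes(30));
        String web = store.login(1L, "web"), mobile = store.login(1L, "mobile");
        store.logout(web);
        System.out.println("web valid: " + store.authenticate(web).isPresent());
        System.out.println("mobile valid: " + store.authenticate(mobile).isPresent());
    }
}
```

When the table lives in a real database, storing a hash of each token instead of the token itself keeps a leaked table from yielding usable session credentials.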