Synchronizing session between two web application - session

Use case:
I have two web application running on tomcat which are deployed on two different machines. One of my application is a parent and other is a child. I login to my parent application and hitting a link on one of the pages of parent application i sends a browser request to my child application that open's one of its page in a separate browser window. In this scenario i would want both of my application to share the same timeout value and should behave like one complete application.
Scenarios to handle:
If i logout from my parent app, my child app should also get logout
If i close parent window, parent should get logout along with child
If i close child window, child should get logout and parent should remain logged in
If both the window are closed, both parent and child should get logout
Solution:
Set parent session time out to some value..say 30mins
Create a REST service on parent..let's say "parentisAlive()"
Create a REST service on child..let's say "childisAlive()"
Create session listeners on parent and child
Each of the session listeners would invoke its respective REST service
REST service would talk to each other based on its own application's sessionID
Parent would presist(memory/DB) child's sessionID and vice versa
Respective applications session listener would get activated when each of its timeout value reaches a specific value..say 20mins
Session listeners would invoke respective REST service that will be responsible to synch each others session time out value
Can anyone please suggest if this would be a good solution to implement session synchronization, does anyone see any flaw in this?

Tomcats Single sign on valve will handle most of your needs. But if you close a browser window the sessions will still remain, as long as at least on window or tab is open.

Related

Window Child Session launcher issue

I am facing issue while implementing Child Sessions launcher in my app. Basically as per Microsoft document when admin user launches child session then it shouldn't ask for credentials. However it does ask credentials (shows as popup to enter the credentials). If the user cancel it then we want to capture the cancel event.
We have implemented the child launcher functionality by referring to this url -
https://learn.microsoft.com/en-us/windows/win32/termserv/child-sessions
when it calls ImsRdpClient9.connect(), then it pop-ups to enter the credentials. Now if user clicks on cancel then I want to capture the event. I tried implementing https://learn.microsoft.com/en-us/windows/win32/termserv/imstscaxevents-interface but it didn't work. Is anyone out there to show an example how to implement the IMsTscAxEvents interface and listen to the various event (e.g, OnLogonError, OnAuthenticationWarningDisplayed etc) when windows show up with the logon error (on child session launcher).

Issues with A background URLSession with identifier

I tried this code in my project to download large files in background and it works fine. I start downloading in UIViewController. If I go to another view and back to the UIViewController ,it stop reloading the progress bar.
I got the Issues with A background URLSession with identifier already exists!. I Want to create new session every time when UIViewController load. I want invalidate all background session when dismiss the view controller. I tried all possibilities to resolve this issue but don’t get succeed.
Click Here
When you create a background session, you're doing two things:
Telling nsurlsessiond (a background daemon) to create a session.
Creating a local session in your app that is connected to that session.
The purpose of the identifier is to allow your app to reconnect to the external session (controlled by nsurlsessiond) if your app gets terminated by the operating system.
To my knowledge, it is not normally possible for your app to voluntarily dissociate its session from the background session. So when your app tries to create a session with the same identifier, suddenly there are two sessions that are both trying to talk to the same external session in nsurlsessiond, and things go very wrong. That's not a supported way to use the API.
The background session object must be kept alive the entire time that your app is running. Don't try to dispose of it and recreate it within a single launch. You should not ever create a session with the same ID unless your app gets relaunched.
Note, however, that if your app gets relaunched to handle background events (iOS only), when you call the completion handler provided by the event, your app's local session does get invalidated, and you need to create it if your app does anything after that. That's the only situation I'm aware of where a background session ever stops being associated with the background session in nsurlsessiond, and thus that's the only situation where you should ever create a session with the same ID twice in a single launch (once when you're asked to handle background events, and then potentially again when you get a didFinishLaunching call to indicate that the user foregrounded your app).

cannot run two application deployed on websphere

I need help, since I am new to websphere.
We have 2 applications, deployed in the same websphere server. The problem is that we cannot run those 2 applications simultaneously. Running the 2nd application will immediately expire the 1st application (the 2nd application will also expire after a few seconds) .
Here are the series of events
Login to the 1st application http: //stackoverflow:8080/Application1URL/
Leave the application 1 gui running (you must be logged into the application).
Open another browser tab. Run the 2nd application on the new tab: http: //stackoverflow:8080/Application2URL/
You will notice that the application1 session will immediately expire (“Session Expired. Please login again.”). This happens as soon as the application2 login screen appears
If you try to login back into application1 you will get a message saying the user is already logged in (“User is already logged in. Do you want to force logout the other session ?”)
Kindly suggest any ideas to debug the issue.
Your applications probably invalidate sessions for each other. For example they are looking for some attribute in the session and if it is not found they invalidate session. Since same sessionId is shared by default across applications, once the second app invalidate the session the id is changed and first app cannot find its session any more.
Go to one of your applications and change session cookie name to something different.
In web admin console click Enterprise Applications > yourApp > Session management
Check Override session management and click Apply and Save
Click Enable cookies link, and change default cookie name to something custom. Click OK and Save changes
Restart application.
Your applications shouldn't logout each other anymore.

Flex logout functionality in AIR application

After login, I am navigating from Login ViewStack to Application ViewStack in Flex 4 AIR application.
In the Application ViewStack, datagrids and other controls are populated with data from server.
Now, on logout, I am switching back to Login ViewStack. However, on login again, I can see data populated earlier.
How could I reset all the fields in Application ViewStack on logout. I thought of 2 approaches:
1. Reset all fields in the Application ViewStack individually. But, then for every addition of control, I have to update logout.
2. Could I use navigateToURL() in AIR application to solve this problem?
From your description I'm a little confused - I'm assuming that your application ViewStack has a number of different views, and you need to have each of them clear their state when logout occurs.
I can think of a couple of ideas:
1) Have each of the views add an event listener for a logout event, and dispatch the event when logout occurs. The event listener would clear the data when logout occurs.
2) Iterate through the ViewStack children, and call a logout method on each one.
My personal preference is for (1), since (2) requires that all the children of the ViewStack implement the logout method - too tightly coupled for reuse.

Handling multiple sessions for same user credentials and avoiding new browser window opening in my web application

I want to handle following scenarios in my new web application.
If multiple users log into the application with same credentials, the application should deny access.
Since I have out of process session store, I would be able to make out when this situation happens. So I can deny all requests after first successful attempt. This will however not work if the user instead of logging out of the application, closes the browser. The session will continue to reflect in the store for the period of timeout value.
If a user attempts to open a new browser windows (Ctrl+N), the application should defeat this attempt. Every new page can potentially fiddle with cookies. I want to therefore deny the users the ability to open new window.
How about?
Having a server timer and then track users session. Reset the timer when you get the request back to the server.
Not possible. Ctrl + N is for opening a new browser window and this does not mean that the user is going to visit your site.
Also check out this question which might be of some interest.
How to differ sessions in browser-tabs?

Resources