multiple sessions overwriting each others' data

Thread: multiple sessions overwriting each others' data

Search this list only Search all lists
multiple sessions overwriting each others' data
	2006-09-27 20:28:38
Hi, ok, here is my liitle LoginAction /** * Log in. / public class MyLoginUser extends LoginUser { private static Log log = LogFactory.getLog(MyLoginUser.class); private void logout(RunData data, String message) throws UnknownEntityException { Configuration conf = Turbine.getConfiguration(); // Set Error Message and clean out the user. data.setMessage(message); data.setUser(TurbineSecurity.getAnonymousUser()); String loginTemplate = conf.getString(TurbineConstants.TEMPLATE_LOGIN); if (StringUtils.isNotEmpty(loginTemplate)) { // We're running in a templating solution data.setScreenTemplate(loginTemplate); } else { data.setScreen(conf.getString(TurbineConstants.SCREEN_LOGIN) ); } } / * (non-Javadoc) * see org.apache.turbine.modules.Action#doPerform(org.apache.turbi ne.util.RunData) / public void doPerform(RunData data) throws TurbineSecurityException { String username = data.getParameters().getString(CGI_USERNAME, ""); String password = data.getParameters().getString(CGI_PASSWORD, ""); if (StringUtils.isEmpty(username)) { return; } try { synchronized (this.getClass()) { // Authenticate the user and get the object. User user = TurbineSecurity.getAuthenticatedUser(username, password); if(user == null) log.error("User retrieved from TurbineSecurity is null"); Iterator activeSessions = TurbineSession.getActiveSessions().iterator(); while (activeSessions.hasNext()) { HttpSession sess = (HttpSession) activeSessions.next(); User au = TurbineSession.getUserFromSession(sess); if(au == null) log.error("User retrieved from Session is null"); if (au != null && user != null) { if (au.getId() == user.getId()) { sess.invalidate(); } } } // Store the user object. data.setUser(user); // Mark the user as being logged in. user.setHasLoggedIn(Boolean.TRUE); // Set the last_login date in the database. user.updateLastLogin(); // This only happens if the user is valid; otherwise, we // will get a valueBound in the User object when we don't // want to because the username is not set yet. Save the // User object into the session. data.save(); / * If the setPage("template.vm") method has not * been used in the template to authenticate the * user (usually Login.vm), then the user will * be forwarded to the template that is specified * by the "template.home" property as listed in * TR.props for the webapp. / } } catch (Exception e) { Configuration conf = Turbine.getConfiguration(); log.error("Major Error Logging the User in", e); logout(data, conf.getString(TurbineConstants.LOGIN_ERROR, "")); } } } kind regards Juergen Hoffmann Shane Beasley schrieb: > Jürgen Hoffmann wrote: > >> So the question really is, how do you update the user? Through >> RunData.getUser().set...()? > > For better or worse, I learned Turbine/Torque by reading code from > another project by another developer. It operated directly upon the > TurbineUser object by means of the following method: > > public static TurbineUser getTurbineUser(RunData data) { > return > (TurbineUser)((TorqueUser)(data.getUser())).getPersistentObj (); > } > > Based on my experience, I get the feeling that there's something > better, but I don't know what that is, so I've stuck with the status quo. > > How do other people do this sort of thing? I can imagine using > RunData.getUser().getPerm/setPerm instead, although our current design > allows us to use foreign keys to build relationships between > TurbineUser and other tables/objects, whereas I don't think > getPerm/setPerm would do the same. > >> as you see, the object in the db will always be overwritten with the >> user that is stored inside the session. > > Yep, that's what's happening. Your sample code comes from the > LogoutUser action, which defers to TurbineSecurity.saveUser, which > defers to TurbineSecurityService.saveUser, which defers to > TorqueUserManager.store. As a consequence of that, I can also provide > my own user manager that does something different for > TorqueUserManager.store (e.g. make that* a no-op), except I don't > know what else will break if I do that. > >> I have implemented something, that only allowed one user to be logged >> in at a given time. If another user logs the second time, the first >> user is logged out automatically. If you are interested I can >> provide the source. > > Actually, I would like to see that code, if it's not a bother... > Thanks again! > > Shane > > ------------------------------------------------------------ --------- > To unsubscribe, e-mail: turbine-user-unsubscribejakarta.apache.org > For additional commands, e-mail: turbine-user-helpjakarta.apache.org > > !EXCUBATOR:1,451ac01b53078519116451! ------------------------------------------------------------ --------- To unsubscribe, e-mail: turbine-user-unsubscribejakarta.apache.org For additional commands, e-mail: turbine-user-helpjakarta.apache.org

multiple sessions overwriting each others' data
	2006-09-29 15:21:15
Jürgen Hoffmann wrote: > here is my liitle LoginAction Looks lovely. Unfortunately, I'm being multitasked at the moment (ah, the joys of working at a startup), but I think I'll be able to use this. Thanks again! Shane ------------------------------------------------------------ --------- To unsubscribe, e-mail: turbine-user-unsubscribejakarta.apache.org For additional commands, e-mail: turbine-user-helpjakarta.apache.org

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )