Questions tagged [session-management]

Use this tag for questions specific to session management in any domain (web, mobile, etc.).

As an introduction to sessions:

Session management is the technique web developers use to make the stateless HTTP protocol support session state by means of session variables.

For example, once a user has been authenticated to the web server, the user's next HTTP request (GET or POST) should not cause the web server to ask for the user's account and password again.

298 questions
3 votes, 1 answer

lock mysql database table row on select

I am managing a pool of stateless sessions for a web service between users. So when a user requests the web service he starts a session and the response timeout is 5 sec, so he can hold the session for 5 sec max. A second user comes in and the system checks if there is…
Tariq G
3 votes, 1 answer

How to notify user of another session using Spring Security?

I have a design/system requirement to notify a user, User-A, that there was another active session (by User-B) prior to User-A's login. How do you accomplish this using Spring Security? The scenario is this: John Doe logs in to the system using…
Jonathan
3 votes, 2 answers

some questions/mystery about browser session and session Id?

As per my understanding, the same session is shared among different tabs of the same browser window, and for a different browser window, a different session is created. Now some questions on my understanding: 1) When I hit my web application in two different…
M Sach
3 votes, 2 answers

Session Management in Spring Security

I'm new to Spring Security. I have a requirement to do a URL based authentication wherein a user needs to be authenticated based on a unique reference that will be sent every time as a parameter in the URL. I'll pass on this reference to a…
Mahesh Kumar
3 votes, 1 answer

NHibernate problems with a session-per-request MVC appli

I've written a C# MVC 3 with NHibernate as the ORM and I'm having some odd exceptions thrown on most page loads. They seem to mostly relate to closed sessions and the like and I've checked most of the common issues but found little to help. Some of…
3 votes, 1 answer

How to Implement Castle Windsor IScopeAccessor to provide NHibernate Session Per ViewModel using LifestyleScoped

I am looking for some help creating an implementation of IScopeAccessor, or finding a new solution, that will allow me to provide an NHibernate session per ViewModel. I know that Windsor now supports scoped lifestyles as seen (here). However the…
bdway
3 votes, 1 answer

Spring Security session invalidation via logout

Just a question about Spring Security and session invalidation. When a session is invalidated by the ConcurrentSessionControlStrategy the session is removed from the SessionRegistry by calling the removeSessionInformation method however when a…
Rene
3 votes, 2 answers

Best practices for Web service user authentication and session management

As per the title, I am wondering what are some best practices for Web service user authentication and session management, mainly for backend implementation, especially using Java (J2EE). Has anyone published anything on the subject? What kind of…
Shaggy Frog
2 votes, 1 answer

Spring 3.1 MVC framework Session Management

In my web application, am annotation based controllers (SPRING MVC). I wanted to implement SessionManagement in my application: 1) Any page within the application should not be idle for 15 minutes. 2) A pop-up should be opened, kind-of notification,…
Arun
2 votes, 1 answer

Groovy session. How to find the user name

I am developing an application under Groovy using scaffolding. We are using the Acegi plugin for security. We have a class called ChangeManagement defined as follows (simplified version) class ChangeManagement { static constraints = { …
Luixv
2 votes, 1 answer

How can I track sessions (session duration, where user logs in from, etc) using Google's default authentication on Appengine?

I would like to keep track of my users - who logs in, how long they are logged in for, where they log in from, etc. - from my GAE app. I'm wondering what is a good way to do this using the authentication mechanisms provided by Google. I can easily…
2 votes, 0 answers

Session Management: Insufficient Session ID Entropy

The session ID variables in my endpoint are predictable and it shows vulnerability "Insufficient Session ID Entropy" in the scan result. I would like to ask if these variables can be modified? Also, the suggested fix is to ensure that the session ID…
Naori Kuni
2 votes, 1 answer

Not able to implement session limiting in Spring Security with custom Filter

My requirement is to restrict multiple user login and allow only a single user to login at a time in the application. My application is a Spring Boot application with JWT authentication implemented for user authorisation and authentication. I have…
2 votes, 0 answers

Properly manage user sessions in Keycloak and Kubernetes

I have Keycloak deployed to Kubernetes. When the pod restarts for any reason (like a modification to the deployment), all user sessions are lost. I see in the documentation that sessions can only be stored in-memory. While it will be replicated, I found no…
Alireza
2 votes, 1 answer

How should frontend check session?

I'm developing user session management for a website. Flow: Session is nonexistent/invalid, frontend directs user to login page; User logs in; Backend creates session in its database; Backend creates session ID cookie; Frontend passes session ID cookie…
onepiece