user2137817

Reputation: 1853

Sessions handling in Vaadin

I have a Vaadin application that starts with a user login, but the problem with Vaadin is the session handling, as I can open two sessions from 2 different browsers with the same login, which should not be possible. I did not find any documentation regarding that besides this topic, but it's not working properly as the data are not saved in the hashmap correctly. Anyone got the same problem?

Upvotes: 4

Views: 6093

Answers (3)

user1068477

Reputation:

How to prevent concurrent logins?

I keep track of logins using a self-generated login-token. A random string between 32 and 128 bytes in length that gets stored in a cookie and a backend database, typically under a user's account.

If User (A) shares her login credentials with User (B), a new login-token is generated for the new login and stored in a cookie and updated in the backend database.

If User (A) (who might for example already be logged in) attempts to perform an action while User (B) has just logged in, User (A)'s session will be destroyed and she'll be redirected to the login screen after a backend test confirmed her login-token isn't a match.

Think of Sessions and Logins as two different things. Sessions can be generated all day long, but login STATE should be stored in a central store.

Upvotes: 2
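
The login-token scheme described in the answer above, as an added example that is not part of the original post. The class and method names are hypothetical, and an in-memory map stands in for the backend database (an assumption); in a Vaadin application the returned token would be kept in the cookie or session and `isCurrent` checked before each action.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Single-active-login registry: the newest login for a user invalidates older ones. */
public class LoginTokenRegistry {
    private static final SecureRandom RNG = new SecureRandom();
    // Stand-in for the backend database (assumption): username -> current login token.
    private final Map<String, String> currentToken = new ConcurrentHashMap<>();

    /** Call after credentials are verified; returns the token to store client-side. */
    public String login(String username) {
        byte[] raw = new byte[32];            // 32 random bytes, low end of the answer's range
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        currentToken.put(username, token);    // overwrites the token of any earlier login
        return token;
    }

    /** Call on every action; false means this login was superseded or logged out. */
    public boolean isCurrent(String username, String presentedToken) {
        String expected = currentToken.get(username);
        if (expected == null || presentedToken == null) return false;
        // Constant-time comparison of the stored and presented token values.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     presentedToken.getBytes(StandardCharsets.US_ASCII));
    }

    /** Logout clears the record only if the caller still holds the current token. */
    public void logout(String username, String presentedToken) {
        if (isCurrent(username, presentedToken)) currentToken.remove(username, presentedToken);
    }

    public static void main(String[] args) {
        LoginTokenRegistry registry = new LoginTokenRegistry();
        String tokenA = registry.login("alice");  // browser 1 (constructed sample user)
        System.out.println("A valid after own login: " + registry.isCurrent("alice", tokenA));
        String tokenB = registry.login("alice");  // browser 2, same credentials
        System.out.println("A valid after second login: " + registry.isCurrent("alice", tokenA));
        System.out.println("B valid: " + registry.isCurrent("alice", tokenB));
        registry.logout("alice", tokenA);         // a stale token cannot end the newer login
        System.out.println("B valid after stale logout: " + registry.isCurrent("alice", tokenB));
    }
}
```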

Henri Kerola

Reputation: 4967

By default, Vaadin 7 creates a new UI instance every time a new browser tab is opened (or the tab is refreshed). You should store information about the current user in VaadinSession or the standard HttpSession and check in UI.init() whether the session contains user information.

To store information into VaadinSession one can say:

VaadinSession.getCurrent().setAttribute("currentUser", currentUser);

HttpSession can be accessed as follows in Vaadin:

VaadinSession.getCurrent().getSession()

Please note that VaadinSessions are stored into HttpSession and HttpSession can contain multiple VaadinSessions if multiple Vaadin servlets are deployed from the same war file, and the user uses those at the same time.

Upvotes: 4

UserLuke

Reputation: 215

You can save all logged-in users to a static Set. Static variables are globally shared. On app start, check whether the login is already in the collection.

Upvotes: 0
