As a rising star, JSP plays a certain role in the Server programming environment and is closely related to its good support of a series of industry standards. Session is one of the infrastructure it provides. As a programmer, you can easily implement simple session-based user management without worrying about how the client is implemented. There are several different processing methods for online users.
One is that page refresh is controlled by the user, and the server controls a timeout time, for example, 30 minutes. After the time, the user is kicked out without any action. The advantage of this method is that if the user forgets to quit, it can prevent malicious operations by others. The disadvantage is that if you are doing a very time-consuming task that exceeds this time limit, you may have to log on again when submit. If the original page is forced to expire, your work may be lost. From the implementation perspective, this is the simplest, and the default implementation on the server side is this mode.
Another way is that the site uses a frame structure, and a frame or hidden IFRAME is constantly refreshing, so that you will never be kicked out, but the server is trying to determine whether you are online, you need to set a daze time. If you have not refreshed any other leaves except the automatically refreshed ones, you will think that you are no longer online. The typical method is xici.net. Its advantage is that it can use constant refreshing to implement some functions similar to server-Push, such as sending messages between netizens.
No matter which mode, some additional work is required to browse all online users. The servlet API does not obtain the session List API.
The listener. servlet 2.2 and 2.3 specifications are slightly different here. Httpsessionbindinglistener in 2.2 can notify you of classes when the attribute in an httpsession changes. Httpsessionattributelistener is also introduced in 2.3. since the environments I use are Visual Age for Java 4 and JRun Server 3.1, they do not directly support servlet 2.3 programming. Here I use httpsessionbindinglistener.
What needs to be done includes creating a new class to implement the httpsessionbindinglistener interface. This interface has two methods:
Public void valuebound (httpsessionbindingevent event) Public void valueunbound (httpsessionbindingevent event)
When you execute session. when addattriund (string, object) is used, if you have added a class that implements the httpsessionbindinglistener interface as attribute, the session will notify you of the class and call your valuebound method. On the contrary, the session. removeattribute method corresponds to the valueundound method.
Public class httpsessionbinding implements javax. servlet. HTTP. httpsessionbindinglistener {servletcontext application = NULL; Public httpsessionbinding (servletcontext application) {super (); If (Application = NULL) throw new illegalargumentexception ("null application is not accept. "); this. application = application;} public void valuebound (javax. servlet. HTTP. httpsessionbindingevent e) {Vector Active Sessions = (vector) application. getattribute ("activesessions"); If (activesessions = NULL) {activesessions = new vector ();} jdbcuser sessionuser = (jdbcuser) E. getsession (). getattribute ("user"); If (sessionuser! = NULL) application. setattribute ("activesessions", activesessions);} public void valueunbound (javax. servlet. HTTP. httpsessionbindingevent e) {jdbcuser sessionuser = (jdbcuser) E. getsession (). getattribute ("user"); If (sessionuser = NULL) {vector activesessions = (vector) application. getattribute ("activesessions"); If (activesessions! = NULL )}}}
Assume that the jdbcuser class is an arbitrary user class. During User logon, add both the user class and httpsessionbinding class to the session.
In this way, each time a user logs on, a record will be added to the vector attribute "activesessions" in the application. Whenever the session times out, valueunbound is triggered. In this vector, delete the session to be timed out.
Public void login () throws aclexception, sqlexception, ioexception {/* Get JDBC user class */If (user! = NULL) {// If session time out, or user didn't login, save the target URL temporary. jdbcuserfactory UF = new jdbcuserfactory (); If (this. request. getparameter ("userid") = NULL) | (this. request. getparameter ("password") = NULL) {Throw new aclexception ("Please input a valid username and password. ");} jdbcuser user = (jdbcuser) UF. userlogin (this. request. getparameter ("userid"), this. request. getparameter ("password"); User. touchlogintime (); this. session. setattribute ("user", user); this. session. setattribute ("bindingnotify", new httpsessionbinding (Application ));}}
When using login, add the user and the bindingnotofy class to the session. When logout is used, the session is automatically deleted from the activesessions vector.
Public void logout () throws sqlexception, aclexception {If (this. user = NULL & this. session. getattribute ("user") = NULL) vector activesessions = (vector) This. application. getattribute ("activesessions"); If (activesessions! = NULL) Java. util. enumeration E = This. session. getattributenames (); While (E. hasmoreelements () {string S = (string) E. nextelement (); this. session. removeattribute (s);} This. user. touchlogouttime (); this. user = NULL ;}
These two functions are located in an httpsessionmanager class. This class references the application Global Object in JSP. Other codes of this class have nothing to do with this article, and I will not post it.
Next let's take a look at how to use JSP.
Assume that a login form is submitted to dologin. jsp, which contains the username and password fields. Excerpt:
Error:
Press here to relogin.
Now let's take a look at how we get a list of online users.
Sessioniduserlogin timelast access time
The above code extracts activesessions from the application and displays the specific time. The beacondate class is assumed to be the formatting time class.
In this way, we get a framework for viewing the list of online users. This article will not discuss online user list paging and other functions.
This is an example of a non-Refresh model, depending on the Session Timeout mechanism. My colleague sonymusic pointed out that many times, due to different manufacturers' ideas, this may be untrusted. To meet this requirement, You need to judge whether the current user has exceeded a specified time value from the time used last time when each page is refreshed. In essence, session timeout is achieved by yourself. If you need to refresh the model, you must use this method to refresh each page.