Stop current user session

Romuald · August 13, 2009, 1:37pm

Hi all,

Vaadin manage himself user sessions. After form login user is authentificated and the application run himself.

I want to manage the session in different ways.

1 - I want to control timeout … Change session expiration timeout …
2 - I want to make button to “disconnect” user (kill session).
3 - I need to save users parameters in user session … How can i ?

Thanks for your help.

Sami · August 14, 2009, 7:08am

Hi there,

The answer to most of you question lies within the
WebApplicationContext
. From there you get the handle to underlying HttpSession.

To save value in the users session:

WebApplicationContext webCtx = (WebApplicationContext)  application.getContext();
HttpSession session = webCtx.getHttpSession();
session.setAttribute("key", "value");

You can also call session.invalidate() to explicitly kill the session, but I would suggest to take a look at
Application.close()
That kills only the current application (not the whole HttpSession).

Marc · August 14, 2009, 7:14am

You should be able to do this with something like:

int timeoutSeconds = 30;
((WebApplicationContext)getApplication().getContext()).getHttpSession().setMaxInactiveInterval(timeoutSeconds)

This will close the session:

getApplication().close();

If you want this to send the user to a specific URL (e.g a “You have been logged out” -page), do this before close():

getApplication().setLogoutURL(logoutURL);

Not sure what you mean by this; note that the whole application state is maintained for the whole duration of the session, so you can just keep stuff in normal variables - no need to explicitly save parameters in the session object (this differs from many frameworks, and can be a surprise - just forget it’s a webapp, and pretends it’s a desktop app).
However, if you for some reason need to save stuff in the session object, you can get the HttpSession as in question 1, then use setAttribute().
Or perhaps I misunderstood?

Hope this helps!

Best Regards,
Marc

Valtteri · September 9, 2009, 12:11pm

Marc Englund:

James MAIRE:

1 - I want to control timeout … Change session expiration timeout …

You should be able to do this with something like:
int timeoutSeconds = 30;
((WebApplicationContext)getApplication().getContext()).getHttpSession().setMaxInactiveInterval(timeoutSeconds)

[/quote]

You should also be able to set this in a more traditional way in web.xml:


	<session-config>
		<session-timeout>30</session-timeout>
	</session-config>

Marc Englund:

James MAIRE:

2 - I want to make button to “disconnect” user (kill session).

This will close the session:
getApplication().close();
If you want this to send the user to a specific URL (e.g a “You have been logged out” -page), do this before close():
getApplication().setLogoutURL(logoutURL);

Do note as was stated before, getApplication().close(); doesn’t actually close the session, just the application. You can run into problems using this if you store data directly into the session. invalidate() is safer if you don’t need the session for anything else.

If you’re running a pure Vaadin environment, then just use a normal variable like Marc said. If you need your user data to be visible elsewhere, for example a Spring framework backing the UI level or JSP pages alongside Vaadin, then the session.setAttribute() Marc mentioned works well.

In our Spring & Vaadin app, we use a session managed bean to hold user information. We inject this bean into Vaadin objects when necessary using load-time weaving.

Meet · November 11, 2010, 9:09am

Hi Sami,

the above code you mentioned is throwing a null pointer exception…

Plz help…

Thanks,
Meet Parikh

Jens · February 10, 2011, 2:02pm

getApplication() can’t be called before the component you are in is attached to a view, which is attached to the application. For this reason you can’t call it from any constructor, for example. If this is the case, you have get the application reference in another way, like by passing the Application instance around or using the ThreadLocal pattern.