Hi,
I'm wondering, what's the idea for enabling a Swing app to log out the
user as soon as the session times out?
This is an online app as well, but what I want is for the JFrame itself
to control the logout and send the logout time to the server via a socket.
The requirement is that whenever a button is clicked or menu items are
changed by clicking on the sub-menu icon, the session time refreshes
to 0. Every icon in the menu bar is associated with a panel, and the
buttons on the button bar are associated with actions.
This attempt leads to a challenging question: how to prevent the user
from changing the computer's time before the session times out, to always
keep alive (I know we can use the server's time, but that is not a good
choice as there may be up to 1 million users and the session time is
not stored in a table)?
--
Thanks
John
Toronto
Rogan Dawes - 07 Jul 2006 13:18 GMT
> Hi,
>
[quoted text clipped - 19 lines]
> John
> Toronto
If the session time is not stored on the server, the user has full
control over your application (reverse-engineering it, etc), and can
disable the timeout if desired.
The only secure way to implement this is to keep the session timeout
value on the server. You can ALSO keep it on the client, to allow you to
perform user-friendly actions (display a dialog, etc), but it MUST be
kept on the server too.
If you are planning on supporting 1 million simultaneous users, I
imagine that you'll have sufficient servers clustered to allow you to
maintain a session timeout too.
Regards,
Rogan
Bob - 07 Jul 2006 13:35 GMT
> Hi,
>
[quoted text clipped - 19 lines]
> John
> Toronto
What about getting the local time when the app initializes and then
storing it and using it as a reference? Then even if the user changes the
comp's time, the initial time is stored and referenced from?
Just a thought....
Oliver Wong - 07 Jul 2006 15:51 GMT
> what about getting the local time when the app initializes and then
> storing it and using it as reference? then even if the user changes the
> comp's time, the initial time is stored and referenced from?
Let's say you get the local time when the app initializes, and it's
1152283228 (milliseconds since the Unix epoch). Some amount of time passes,
and the user modifies the system clock, and you get the time again, just to
check stuff. It says 1152283228 again. I.e. it would seem from your
perspective that zero time has passed, although in actuality perhaps
several hours have elapsed.
- Oliver
Bob - 07 Jul 2006 16:48 GMT
> > what about getting the local time when the app initializes and then
> > storing it and using it as reference? then even if the user changes the
[quoted text clipped - 8 lines]
>
> - Oliver
Yep, you're right, sorry, it was not thought out on my end.
Daniel Dyer - 07 Jul 2006 21:33 GMT
> Hi,
>
[quoted text clipped - 8 lines]
> to 0; Every icon in menu bar associated with a panel, and the buttons
> on button-bar associated with actions.
Use this to receive all of the system-wide AWTEvents (filtered by the mask
you specify):
http://java.sun.com/j2se/1.5.0/docs/api/java/awt/Toolkit.html#addAWTEventListener(java.awt.event.AWTEventListener, long)
You can then implement a single method to reset the timeout.
> This attempt leads to a challenging question: how to prevent user
> changing the computer's time before session time out, to always keep
> alive (I know we can use the server's time, but that is not a good
> choice as there may be up to 1 million of users and the session time is
> not stored in table)?
Use this, it only measures elapsed time, not wall-clock time:
http://java.sun.com/j2se/1.5.0/docs/api/java/lang/System.html#nanoTime()
Dan.

Daniel Dyer
http://www.dandyer.co.uk
Thomas Hawtin - 08 Jul 2006 09:06 GMT
>> The requirement is that, whenever a button clicked or menu items
>> changed by clicking on the sub-menu icon, then the session time refresh
[quoted text clipped - 6 lines]
> http://java.sun.com/j2se/1.5.0/docs/api/java/awt/Toolkit.html#addAWTEventListener(java.awt.event.AWTEventListener, long)
You won't be able to do that from a secure WebStart/JNLP application or
applet. But you should be able to override EventQueue.dispatchEvent
(although external copy & paste will stop working). Overriding postEvent
won't work as Toolkits generally don't go through it.
http://download.java.net/jdk6/docs/api/java/awt/EventQueue.html#dispatchEvent(java.awt.AWTEvent)
Tom Hawtin

Unemployed English Java programmer
http://jroller.com/page/tackline/
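
An added example, not part of any post in this thread: a UI-side idle monitor that combines the suggestions above, using `Toolkit.addAWTEventListener` with a fallback to an overridden `EventQueue.dispatchEvent` when the listener is refused, and `System.nanoTime()` for elapsed time. The class name `IdleMonitor` and the `onTimeout` callback are hypothetical, and the check is only a client convenience: as noted earlier in the thread, the server has to keep and enforce its own session timeout.

```java
import java.awt.AWTEvent;
import java.awt.EventQueue;
import java.awt.Toolkit;
import java.awt.event.KeyEvent;
import java.awt.event.MouseEvent;
import java.util.concurrent.TimeUnit;
import javax.swing.Timer;

/** Added example (hypothetical class): UI-side idle tracker. The server must still expire the session itself. */
public final class IdleMonitor {
    private static final long MASK = AWTEvent.MOUSE_EVENT_MASK | AWTEvent.KEY_EVENT_MASK;
    private final long limitNanos;
    private final Runnable onTimeout;   // hypothetical callback: lock the UI, tell the server
    private volatile long lastActivity = System.nanoTime();
    public IdleMonitor(long timeout, TimeUnit unit, Runnable onTimeout) {
        this.limitNanos = unit.toNanos(timeout);
        this.onTimeout = onTimeout;
    }
    /** Elapsed time from System.nanoTime(), so resetting the wall clock has no effect. */
    public boolean isExpired() {
        return System.nanoTime() - lastActivity >= limitNanos;
    }
    /** Counts only mouse presses and key presses as user activity. */
    private void observe(AWTEvent e) {
        int id = e.getID();
        if (id == MouseEvent.MOUSE_PRESSED || id == KeyEvent.KEY_PRESSED) {
            lastActivity = System.nanoTime();
        }
    }
    public void install() {
        Toolkit tk = Toolkit.getDefaultToolkit();
        try {
            tk.addAWTEventListener(this::observe, MASK);   // may be refused in a sandbox
        } catch (SecurityException refused) {
            // Fallback suggested in the thread: see every event via dispatchEvent.
            tk.getSystemEventQueue().push(new EventQueue() {
                @Override protected void dispatchEvent(AWTEvent e) {
                    observe(e);
                    super.dispatchEvent(e);
                }
            });
        }
        Timer poll = new Timer(1000, null);   // javax.swing.Timer fires on the EDT
        poll.addActionListener(e -> {
            if (isExpired()) { poll.stop(); onTimeout.run(); }
        });
        poll.start();
    }
}
```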