Results 1 to 6 of 6
  1. #1
    Administrator
    Join Date
    Jul 2006
    Location
    Milan, Italy
    Posts
    515

    Forcing Session Termination

    There exist cases where you could need to disconnect a user from Lightstreamer Server. For example, if a user logs in multiple times from different clients and you don't want to support multiple push sessions for the same account. Or perhaps you may want to disconnect a user after a given amount of time since login.

    Let's see some different scenarios and solutions.

    A) You have one instance of Lightstreamer Server only and you don't want to allow more than one session per user.
    In this case, you will simply throw a ConflictingSessionException from the notifyNewSession method of your Metadata Adapter.

    B) You want to force a session termination (and disconnection of that user) at any time, on any instance of Lightstreamer Server, from any piece of code running anywhere.
    You have three ways of doing that, depending on the Lightstreamer edition you are using and the technology yo employ, as detailed below:

    B1) [Lightstreamer Vivace - Java only] Use JMX (Java Management eXtensions, which is a standard specification that allows an application to be controlled both internally and externally and both manually and automatically). Lightstreamer Server exposes a set of MBeans that give full control over the engine and the sessions.
    Since Server version 6.0, the simplest way to terminate a session through JMX is by calling the destroySession(sessionId) method on the ResourceMBean object.
    With previous versions, you just need to call the destroySession() method on the appropriate SessionMBean object.
    You can access MBean objects both from inside your Adapter and from any external Java application.
    A source code example is available from a previous post, where the Metadata Adapter causes a session to be closed after it has lived longer than five minutes. The example is based on the SessionMBean technique.

    B2) [Lightstreamer Moderato,Allegro,Presto,Vivace - any technology]Send a special HTTP request to a Lightstreamer Server instance to force a session termination. The sessionId of the session to terminate is sent as a parameter. SessionIds are random and complex enough to be quite impossible to guess, so no specific authentication is required to send such request.

    For Lightstreamer Presto and Vivace, the syntax of this HTTP request is explained in section 4.3.4 of “Network Protocol Tutorial.pdf”. A source code example is available from a previous post (see first code snippet), where the Metadata Adapter causes a session to be closed after it has lived longer than five minutes.

    For Lightstreamer Moderato and Allegro, the syntax of this HTTP request is a bit different and is directly explained in the source code example of the previous post (see second code snippet), where the Metadata Adapter causes a session to be closed after it has lived longer than five minutes.
    This solution works with Lightstreamer Presto and Vivace too, making it a truly general solution that works with all the editions of Lightstreamer.

    Now that you have general means to force a session termination both locally or remotely, you can leverage such means to build a simple system for managing session limits across the server cluster. Basically, your Metadata Adapter instances can keep track, through a central DB or some memory sharing mechanism, of the node on which each session for each user is living. When a user tries to create a new session, you query the DB to know if they are allowed to have one more session. If they aren't, you could decide to force the termination of an existing session.

  2. #2
    Member
    Join Date
    Feb 2016
    Location
    Arlington, VA
    Posts
    3
    I know this thread is a bit old, but still very relevant to my use case as described below.

    We wanted to ensure that upon the user hitting logout, all streaming sessions to LS be terminated. The obvious solution is to modify the above code, group the sessions for a given user together, and then raise a disconnect call on one of the open 'LightstreamerClient' object. However, architecture tells me that logout event is loosely coupled with the many, many applications in the portal and it only servers to call an HTTP request to invalidate the session cookie.

    I expected that i would be able to extract LS sessions from the HTTP header and call LS server for session termination, but LS documentation tells me that is not possible ( please correct if i am wrong). Putting a cached map of user to session_id's somewhere in the global cache has system engineering in a fit so will be a hard sell.

    So, please advice if there is another solution to extract LS session information from the headers, or another way to disconnect user sessions which is not based on LS session_id's. Thanks a lot for any advice you can give.

  3. #3
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    505
    Hi link2tdss,

    I am very sorry but I am not sure to understand the scenario you described.

    Please, could you confirm that your aim is to have a component, between the client and the server, that collects sessions id of all streaming sessions opened by a user, and when detects the logout for the user, proceeds to disconnect all the sessions upon Lightstreamer server?

    Thank you,
    Giuseppe

  4. #4
    Member
    Join Date
    Feb 2016
    Location
    Arlington, VA
    Posts
    3
    Giuseppe

    Thanks for replying.

    I do not need a component to collect the session_id's. Rather, i need a mechanism by which ongoing LS sessions ( their sessions_ids) in a browser window can be discovered by a web server from an HTTP request made from the browser. In other words, consider a browser, having an open session with both a web server and LS server, which then sends an HTTP request back to the web server and the server then tries to figure out the on-going LS sessions through the HTTP headers.

    Let me know if i am still not clear and i will elaborate more. I have not seen such a mechanism documented anywhere so asking for advice.

    Thanks
    Tarun

  5. #5
    Administrator
    Join Date
    Feb 2012
    Location
    Milano
    Posts
    505
    Hi link2tdss,

    The latest client JavaScript libraries provide the following method, getSessionId, or alternatively the opportunity to detect the change of the session id through this listener.
    Then your browser application can freely arrange an HTTP request for your web server with session id packed somehow.

    But please, consider also the option to let the LS server and web server cooperate for this purpose. In fact, through the method notifyNewSession your adapter could keep updated the web server with a User-SessionsIds map.

    Please let me know if one of this options may be helpful in your case.

    Regards,
    Giuseppe

  6. #6
    Member
    Join Date
    Feb 2016
    Location
    Arlington, VA
    Posts
    3
    Giuseppe

    Thanks for the reply and the options. I will have to refer this to engineering team to come up with the option that is acceptable to all. Will definitely post back with whatever we choose.

    Thanks
    Tarun

 

 

Similar Threads

  1. Replies: 1
    Last Post: June 7th, 2010, 12:13 PM
  2. Session Limitation
    By gani in forum Client APIs
    Replies: 6
    Last Post: May 19th, 2010, 10:30 AM
  3. Security patterns: Forcing disconnection
    By churrusco in forum General
    Replies: 15
    Last Post: April 20th, 2010, 09:46 AM
  4. Session closed
    By EWANG in forum Client APIs
    Replies: 7
    Last Post: April 16th, 2010, 06:09 PM
  5. How to close Session in LS?
    By spganesh in forum Client APIs
    Replies: 1
    Last Post: February 10th, 2010, 11:23 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT +1. The time now is 08:44 AM.