Question : How can I limit the amount of sessions that may be created using tomcat 5?

Im using a web server running tomcat 5 and I cannot figure out how to limit the amount of users that may have a session with my webapp concurrently (simultaneously). How can I limit the amount of sessions that may be created using tomcat 5?

Answer : How can I limit the amount of sessions that may be created using tomcat 5?

You could something like the code below to keep a count of the sessions.  You can check count before creating a session in each servlet and JSP.    In each JSP you could use  
<%@ page session="false" %>  
to avoid automatic  session creation.

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35:

package rrz; import java.io.*; import java.util.*; import javax.servlet.*; import javax.servlet.http.*; public class SessionListener implements HttpSessionListener { HashSet sessionSet = null; ServletContext application = null; public void sessionCreated(HttpSessionEvent event) { HttpSession session = event.getSession(); if(application == null)application = session.getServletContext(); sessionSet = (HashSet)application.getAttribute("sessionSet"); if(sessionSet == null){ application.setAttribute("sessionSet",new HashSet()); sessionSet = (HashSet)application.getAttribute("sessionSet"); } sessionSet.add(session.getId()); } public void sessionDestroyed(HttpSessionEvent event) { sessionSet.remove(event.getSession().getId()); } } Register it in your web app's web.xml with rrz.SessionListener and test it on a JSP with <% session.setMaxInactiveInterval(3); // for easy testing %> Session count is <%=((HashSet)application.getAttribute("sessionSet")).size()%>

Open in New Window

Select All