Index: lams_build/lib/lams/lams.jar
===================================================================
diff -u -rfd548775b27e55e166b21e4560208b59b9ae7ed6 -rb12da40950a8f9e56f46af0baffd5fa83097c0db
Binary files differ
Index: lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java
===================================================================
diff -u -r8482164570cc9e8db87a1419dc6944c58553b327 -rb12da40950a8f9e56f46af0baffd5fa83097c0db
--- lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java (.../SessionListener.java) (revision 8482164570cc9e8db87a1419dc6944c58553b327)
+++ lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java (.../SessionListener.java) (revision b12da40950a8f9e56f46af0baffd5fa83097c0db)
@@ -41,6 +41,7 @@
 import org.lamsfoundation.lams.util.ConfigurationKeys;
 import org.lamsfoundation.lams.util.LanguageUtil;
 import org.lamsfoundation.lams.web.filter.LocaleFilter;
+import org.lamsfoundation.lams.web.session.SessionManager;
 import org.lamsfoundation.lams.web.util.AttributeNames;
 /**
@@ -95,8 +96,12 @@
 if (session != null) {
 UserDTO userDTO = (UserDTO) session.getAttribute(AttributeNames.USER);
 if (userDTO != null) {
- Principal principal = new SimplePrincipal(userDTO.getLogin());
+ String login = userDTO.getLogin();
+ Principal principal = new SimplePrincipal(login);
 SessionListener.authenticationManager.flushCache(principal);
+ // remove obsolete mappings to session
+ // the session is either already invalidated or will be very soon by another module
+ SessionManager.removeSession(login, false);
 }
 }
 }
Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -r3b35f079ed7194371481503fe4f0a0462f2cbe63 -rb12da40950a8f9e56f46af0baffd5fa83097c0db
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 3b35f079ed7194371481503fe4f0a0462f2cbe63)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision b12da40950a8f9e56f46af0baffd5fa83097c0db)
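Review bot: In SessionListener, the added `SessionManager.removeSession(login, false)` unregisters by login alone, so it drops whichever session is currently mapped to that user even when the session being destroyed is a different, older one. If a stale session for the same login is destroyed after a newer one has been registered (for instance after two logins race), the newer session would lose its entries in both maps and a later login could no longer find and invalidate it, which weakens the one-session-per-user rule this commit introduces. Consider removing the mapping only when it still points at the destroyed session, for example by comparing `session.getId()` with the mapped session's id before removing. The enclosing listener method starts and ends outside the hunk.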
@@ -96,11 +96,16 @@
 // store session so UniversalLoginModule can access it
 SessionManager.startSession(request);
+ // do the logging in UniversalLoginModule or cache
 handler.handleRequest(exchange);
 if (!StringUtils.isBlank(login) && login.equals(request.getRemoteUser())) {
 session.setAttribute(AttributeNames.USER, userDTO);
+ // remove an existing session for the given user
+ SessionManager.removeSession(login, true);
+ // register current session as the only one for the given user
+ SessionManager.addSession(login, session);
 }
 SessionManager.endSession();
Index: lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java
===================================================================
diff -u -r3b35f079ed7194371481503fe4f0a0462f2cbe63 -rb12da40950a8f9e56f46af0baffd5fa83097c0db
--- lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java (.../SessionManager.java) (revision 3b35f079ed7194371481503fe4f0a0462f2cbe63)
+++ lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java (.../SessionManager.java) (revision b12da40950a8f9e56f46af0baffd5fa83097c0db)
@@ -35,7 +35,8 @@
 // singleton
 private static SessionManager sessionManager;
- private static final Map sessionContainer = new ConcurrentHashMap();
+ private static final Map sessionIdMapping = new ConcurrentHashMap();
+ private static final Map loginMapping = new ConcurrentHashMap();
 private ThreadLocal currentSessionIdContainer = new ThreadLocal();
 // various classes need to have to access these
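Review bot: In the SsoHandler hunk, `SessionManager.removeSession(login, true)` runs before `SessionManager.addSession(login, session)` without checking whether the session already mapped to this login is the current one. If this block can execute for a request whose session is already registered for the user (the hunk does not show how often it runs), the call would invalidate the session that was just authenticated and then register the invalidated session again. Skipping the invalidation when the mapped session's id equals `session.getId()` would avoid that. The remove-then-add pair is also not atomic, so two simultaneous logins for one user can both pass `removeSession` and leave two live sessions with only one of them tracked. The enclosing method starts and ends outside the hunk.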
@@ -60,12 +61,12 @@
 }
 /**
- * Proxy to a HTTP session.
+ * Stores session in current thread and mapping so other modules can refer to it.
 */
 public static void startSession(HttpServletRequest request) {
 HttpSession session = request.getSession();
 String sessionId = session.getId();
- SessionManager.sessionContainer.put(sessionId, session);
+ SessionManager.sessionIdMapping.put(sessionId, session);
 SessionManager.sessionManager.currentSessionIdContainer.set(sessionId);
 }
@@ -78,6 +79,33 @@
 }
 /**
+ * Registeres the session for the given user.
+ */
+ public static void addSession(String login, HttpSession session) {
+ SessionManager.loginMapping.put(login, session);
+ }
+
+ /**
+ * Unregisteres the session for the given user.
+ */
+ public static void removeSession(String login, boolean invalidate) {
+ HttpSession session = SessionManager.loginMapping.get(login);
+ if (session != null) {
+ SessionManager.loginMapping.remove(login);
+ SessionManager.sessionIdMapping.remove(session.getId());
+
+ if (invalidate) {
+ try {
+ session.invalidate();
+ } catch (IllegalStateException e) {
+ System.out.println("SessionMananger invalidation exception");
+ // if it was already invalidated, do nothing
+ }
+ }
+ }
+ }
+
+ /**
 * Get system level HttpSession by current session id.
 */
 public static HttpSession getSession() {
@@ -89,14 +117,14 @@
 * Get system session by given session id.
 */
 public static HttpSession getSession(String sessionId) {
- return sessionId == null ? null : SessionManager.sessionContainer.get(sessionId);
+ return sessionId == null ? null : SessionManager.sessionIdMapping.get(sessionId);
 }
 /**
 * Returns number of sessions stored in the container.
 */
 public static int getSessionCount() {
- return sessionContainer.size();
+ return SessionManager.sessionIdMapping.size();
 }
 public static void setServletContext(ServletContext servletContext) {
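Review bot: In the new `removeSession`, the mapping is read with `loginMapping.get(login)` and removed in a separate call, so two threads can both obtain the same session and run the removal and invalidation twice; `HttpSession session = SessionManager.loginMapping.remove(login);` does the lookup and removal in one step. The catch block prints `"SessionMananger invalidation exception"` to `System.out` although the comment beneath it says to do nothing; drop the print or route it to the application logger at a low level, and correct the spelling. As long as both maps stay `ConcurrentHashMap`, a null `login` passed to `addSession` or `removeSession` would throw rather than be ignored, so a null check at the top of each may be worth adding. The Javadoc summaries read `Registeres` and `Unregisteres`; they should be `Registers` and `Unregisters`.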
@@ -108,10 +136,10 @@
 }
 public static String getJvmRoute() {
- return jvmRoute;
+ return SessionManager.jvmRoute;
 }
 public static void setJvmRoute(String jvmRoute) {
- SessionManager.jvmRoute = jvmRoute;
+ SessionManager.jvmRoute = jvmRoute;
 }
 }
\ No newline at end of file