Index: lams_build/lib/lams/lams.jar =================================================================== RCS file: /usr/local/cvsroot/lams_build/lib/lams/lams.jar,v diff -u -r1.420.2.56 -r1.420.2.57 Binary files differ Index: lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java =================================================================== RCS file: /usr/local/cvsroot/lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java,v diff -u -r1.7.22.4 -r1.7.22.5 --- lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java 23 Oct 2015 16:13:47 -0000 1.7.22.4 +++ lams_central/src/java/org/lamsfoundation/lams/web/SessionListener.java 4 Feb 2016 12:35:18 -0000 1.7.22.5 @@ -41,6 +41,7 @@ import org.lamsfoundation.lams.util.ConfigurationKeys; import org.lamsfoundation.lams.util.LanguageUtil; import org.lamsfoundation.lams.web.filter.LocaleFilter; +import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; /** 
@@ -95,8 +96,12 @@ if (session != null) { UserDTO userDTO = (UserDTO) session.getAttribute(AttributeNames.USER); if (userDTO != null) { - Principal principal = new SimplePrincipal(userDTO.getLogin()); + String login = userDTO.getLogin(); + Principal principal = new SimplePrincipal(login); SessionListener.authenticationManager.flushCache(principal); + // remove obsolete mappings to session + // the session is either already invalidated or will be very soon by another module + SessionManager.removeSession(login, false); } } } Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoHandler.java,v diff -u -r1.1.2.13 -r1.1.2.14 --- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 3 Jan 2016 11:15:49 -0000 1.1.2.13 +++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 4 Feb 2016 12:35:17 -0000 1.1.2.14 
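Review bot: In SessionListener's session-destroyed handler, `SessionManager.removeSession(login, false)` drops whatever session is currently mapped to the login, which is not necessarily the session being destroyed. If an older session for the same user expires just after SsoHandler has registered a new one, this call removes the new session from both `loginMapping` and `sessionIdMapping`. The live session is then no longer tracked, and a later login would not invalidate it. Consider passing the destroyed session in and removing the mapping only when it matches, for example with the conditional form `loginMapping.remove(login, session)`. The enclosing method starts outside this hunk, so any other cleanup it performs is not visible here.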
@@ -96,11 +96,16 @@ // store session so UniversalLoginModule can access it SessionManager.startSession(request); + // do the logging in UniversalLoginModule or cache handler.handleRequest(exchange); if (!StringUtils.isBlank(login) && login.equals(request.getRemoteUser())) { session.setAttribute(AttributeNames.USER, userDTO); + // remove an existing session for the given user + SessionManager.removeSession(login, true); + // register current session as the only one for the given user + SessionManager.addSession(login, session); } SessionManager.endSession(); Index: lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java =================================================================== RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java,v diff -u -r1.22.2.6 -r1.22.2.7 --- lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java 3 Jan 2016 11:15:49 -0000 1.22.2.6 +++ lams_common/src/java/org/lamsfoundation/lams/web/session/SessionManager.java 4 Feb 2016 12:35:17 -0000 1.22.2.7 @@ -35,7 +35,8 @@ // singleton private static SessionManager sessionManager; - private static final Map sessionContainer = new ConcurrentHashMap(); + private static final Map sessionIdMapping = new ConcurrentHashMap(); + private static final Map loginMapping = new ConcurrentHashMap(); private ThreadLocal currentSessionIdContainer = new ThreadLocal(); // various classes need to have to access these @@ -60,12 +61,12 @@ } /** - * Proxy to a HTTP session. + * Stores session in current thread and mapping so other modules can refer to it. */ public static void startSession(HttpServletRequest request) { HttpSession session = request.getSession(); String sessionId = session.getId(); - SessionManager.sessionContainer.put(sessionId, session); + SessionManager.sessionIdMapping.put(sessionId, session); SessionManager.sessionManager.currentSessionIdContainer.set(sessionId); } 
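Review bot: In SsoHandler, `removeSession(login, true)` followed by `addSession(login, session)` is two separate steps and never checks whether the mapped session is the current one. Two near-simultaneous logins for the same user can both pass the remove step and both end up with live sessions, only one of them tracked. If the mapped session happens to be the one handling this request, it would be invalidated right after `setAttribute` and then re-registered; whether that path is reachable depends on code outside the hunk. A single SessionManager operation would close both gaps: swap the mapping with `HttpSession previous = loginMapping.put(login, session);` and invalidate `previous` only when it is non-null and not the same object as `session`.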
@@ -78,6 +79,33 @@ } /** + * Registeres the session for the given user. + */ + public static void addSession(String login, HttpSession session) { + SessionManager.loginMapping.put(login, session); + } + + /** + * Unregisteres the session for the given user. + */ + public static void removeSession(String login, boolean invalidate) { + HttpSession session = SessionManager.loginMapping.get(login); + if (session != null) { + SessionManager.loginMapping.remove(login); + SessionManager.sessionIdMapping.remove(session.getId()); + + if (invalidate) { + try { + session.invalidate(); + } catch (IllegalStateException e) { + System.out.println("SessionMananger invalidation exception"); + // if it was already invalidated, do nothing + } + } + } + } + + /** * Get system level HttpSession by current session id. */ public static HttpSession getSession() { @@ -89,14 +117,14 @@ * Get system session by given session id. */ public static HttpSession getSession(String sessionId) { - return sessionId == null ? null : SessionManager.sessionContainer.get(sessionId); + return sessionId == null ? null : SessionManager.sessionIdMapping.get(sessionId); } /** * Returns number of sessions stored in the container. */ public static int getSessionCount() { - return sessionContainer.size(); + return SessionManager.sessionIdMapping.size(); } public static void setServletContext(ServletContext servletContext) { @@ -108,10 +136,10 @@ } public static String getJvmRoute() { - return jvmRoute; + return SessionManager.jvmRoute; } public static void setJvmRoute(String jvmRoute) { - SessionManager.jvmRoute = jvmRoute; + SessionManager.jvmRoute = jvmRoute; } } \ No newline at end of file
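Review bot: In the new `SessionManager.removeSession`, the mapping is read with `get(login)` and removed in a separate call, so a concurrent `addSession` between the two can have its fresh entry deleted while the old session is the one cleaned up. Taking the value from the removal itself makes this one step: `HttpSession session = SessionManager.loginMapping.remove(login);`. The catch block also prints `"SessionMananger invalidation exception"` to `System.out`, which looks like leftover debugging and misspells the class name. Since the comment says the already-invalidated case should be ignored, drop the print or route it through the project's logger at debug level. The Javadoc on both new methods has the typos "Registeres" and "Unregisteres".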