current user count incorrect

Jason Thrasher

current user count incorrect

Is the "Current Users" page supposed to show the currently logged in users with open sessions?

It seems like it is, but I'm getting a bug when a user's browser doesn't have any cookies set: if the user logs in, they don't show up in the list of "Current Users".  They only show up in the list if they've previously logged in, logged out, then logged back in again.  Subsequent logins thereafter work correctly.

This seems to have something to do with the UserCounterListener class which tracks the current sessions.  If the UserCounterListener.EVENT_KEY session attribute is set to anonymous, it doesn't seem to get reset correctly when a user logs in.  In the SignupAction class this can be fixed by removing the attribute before logging the user in automatically with:
        getSession().removeAttribute(UserCounterListener.EVENT_KEY);
before the comment:
        // log user in automatically

But I can't figure out how to fix it for regular logins.  I'd like to be able to see all users, regardless of how their cookies started in the "Current Users" page.

Steps to reproduce:
1) clear all browser cookies (either firefox or IE)
2) run mvn jetty:run-war
3) in browser login as an admin (mraible/tomcat)
4) navigate to http://127.0.0.1:8080/activeUsers.html
error: admin user is logged in but doesn't appear

Regular users have the same issue:
1) open a second browser (not a new tab, a whole new process with different session cookies)
2) login as tomcat/tomcat
3) back in the "admin" browser, refresh the "Current Users" page
error: normal user doesn't appear in the list

When a new user account is created the same thing happens:
1) open a browser with no cookies set
2) create a new user account which is auto-logged in by SignupAction
3) back in the "admin" browser, refresh the "Current Users" page
error: normal user doesn't appear in the list

thanks,
Jason
mraible

Re: current user count incorrect

If you figure out a solution for this, let us know. I don't know of a
good solution, but MessAdmin may solve this by providing a more
accurate count of active sessions.  If we integrate it, we can remove
clickstream and activeUsers.  Of course, it may introduce a whole
bunch of new pages - I don't know, I haven't tried to integrate it
yet.

http://messadmin.sf.net

Matt

On 4/9/07, thrasher <[hidden email]> wrote:

>
> Is the "Current Users" page supposed to show the currently logged in users
> with open sessions?
>
> It seems like it is, but I'm getting a bug when a user's browser doesn't
> have any cookies set: if the user logs in, they don't show up in the list of
> "Current Users".  They only show up in the list if they've previously logged
> in, logged out, then logged back in again.  Subsequent logins thereafter
> work correctly.
>
> This seems to have something to do with the UserCounterListener class which
> tracks the current sessions.  If the UserCounterListener.EVENT_KEY session
> attribute is set to anonymous, it doesn't seem to get reset correctly when a
> user logs in.  In the SignupAction class this can be fixed by removing the
> attribute before logging the user in automatically with:
>         getSession().removeAttribute(UserCounterListener.EVENT_KEY);
> before the comment:
>         // log user in automatically
>
> But I can't figure out how to fix it for regular logins.  I'd like to be
> able to see all users, regardless of how their cookies started in the
> "Current Users" page.
>
> Steps to reproduce:
> 1) clear all browser cookies (either firefox or IE)
> 2) run mvn jetty:run-war
> 3) in browser login as an admin (mraible/tomcat)
> 4) navigate to http://127.0.0.1:8080/activeUsers.html
> error: admin user is logged in but doesn't appear
>
> Regular users have the same issue:
> 1) open a second browser (not a new tab, a whole new process with different
> session cookies)
> 2) login as tomcat/tomcat
> 3) back in the "admin" browser, refresh the "Current Users" page
> error: normal user doesn't appear in the list
>
> When a new user account is created the same thing happens:
> 1) open a browser with no cookies set
> 2) create a new user account which is auto-logged in by SignupAction
> 3) back in the "admin" browser, refresh the "Current Users" page
> error: normal user doesn't appear in the list
>
> thanks,
> Jason
>
> --
> View this message in context: http://www.nabble.com/current-user-count-incorrect-tf3550268s2369.html#a9911575
> Sent from the AppFuse - Dev mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>


--
http://raibledesigns.com


Jason Thrasher

Re: current user count incorrect

Hi Matt,

It appears to be due to the ThreadLocal nature of org.acegisecurity.context.HttpSessionContextIntegrationFilter.  When the ACEGI_SECURITY_CONTEXT_KEY is set in the thread, and SecurityContextHolder.getContext().hashCode() doesn't change for the duration of the request's chain.doFilter(), it doesn't get reset to any new value.

The problem is that the hashCode of the context is being used to determine if there's a change, not the value of the attribute.  Since the listener works on the value of the attribute's change, the value doesn't get changed when the hashcode is the same for the duration of the request.... and we don't see the UserCounterListener update.

Two ways to fix it are:
1) to HttpSessionContextIntegrationFilter, mostly copying doFilter(), and check for changes in the value
2) check for changes in a new filter, before and after doFilter, and reset the attribute (which triggers the listener) upon a change.

The second method is less intrusive.  I'll try it later and let you know what I find.  Or if anyone has a better way, post it!

Jason



mraible wrote:
If you figure out a solution for this, let us know. I don't know of a
good solution, but MessAdmin may solve this by providing a more
accurate count of active sessions.  If we integrate it, we can remove
clickstream and activeUsers.  Of course, it may introduce a whole
bunch of new pages - I don't know, I haven't tried to integrate it
yet.

http://messadmin.sf.net

Matt

On 4/9/07, thrasher <jason@coachthrasher.com> wrote:
>
> Is the "Current Users" page supposed to show the currently logged in users
> with open sessions?
>
> It seems like it is, but I'm getting a bug when a user's browser doesn't
> have any cookies set: if the user logs in, they don't show up in the list of
> "Current Users".  They only show up in the list if they've previously logged
> in, logged out, then logged back in again.  Subsequent logins thereafter
> work correctly.
>
> This seems to have something to do with the UserCounterListener class which
> tracks the current sessions.  If the UserCounterListener.EVENT_KEY session
> attribute is set to anonymous, it doesn't seem to get reset correctly when a
> user logs in.  In the SignupAction class this can be fixed by removing the
> attribute before logging the user in automatically with:
>         getSession().removeAttribute(UserCounterListener.EVENT_KEY);
> before the comment:
>         // log user in automatically
>
> But I can't figure out how to fix it for regular logins.  I'd like to be
> able to see all users, regardless of how their cookies started in the
> "Current Users" page.
>
> Steps to reproduce:
> 1) clear all browser cookies (either firefox or IE)
> 2) run mvn jetty:run-war
> 3) in browser login as an admin (mraible/tomcat)
> 4) navigate to http://127.0.0.1:8080/activeUsers.html
> error: admin user is logged in but doesn't appear
>
> Regular users have the same issue:
> 1) open a second browser (not a new tab, a whole new process with different
> session cookies)
> 2) login as tomcat/tomcat
> 3) back in the "admin" browser, refresh the "Current Users" page
> error: normal user doesn't appear in the list
>
> When a new user account is created the same thing happens:
> 1) open a browser with no cookies set
> 2) create a new user account which is auto-logged in by SignupAction
> 3) back in the "admin" browser, refresh the "Current Users" page
> error: normal user doesn't appear in the list
>
> thanks,
> Jason
>


--
http://raibledesigns.com
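
One way to implement the second fix Jason describes above (compare the stored authentication before and after the chain, and reset the attribute on a change), as an added example that is not code from the thread or from AppFuse. The class name AuthChangeNotifierFilter is hypothetical, and it assumes UserCounterListener.EVENT_KEY is the Acegi context key and that the listener handles attributeAdded and attributeRemoved.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.HttpSessionContextIntegrationFilter;
import org.acegisecurity.context.SecurityContext;

/** Hypothetical filter: map it in web.xml BEFORE the Acegi security filter. */
public class AuthChangeNotifierFilter implements Filter {
    // Assumption: same session attribute as UserCounterListener.EVENT_KEY.
    private static final String KEY =
            HttpSessionContextIntegrationFilter.ACEGI_SECURITY_CONTEXT_KEY;

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Authentication held in the session before the security chain runs.
        Authentication before = stored(request.getSession(false));
        chain.doFilter(req, res);
        // By now Acegi has written its context back; null if the session
        // was never created or was invalidated (logout).
        HttpSession session = request.getSession(false);
        if (session == null) return;
        Authentication after = stored(session);
        // Compare the authentication value, not the context's hashCode.
        boolean changed = (before == null) ? after != null : !before.equals(after);
        if (changed) {
            Object context = session.getAttribute(KEY);
            // remove + set fires attributeRemoved and attributeAdded, so the
            // listener is notified even where attributeReplaced is not fired.
            session.removeAttribute(KEY);
            session.setAttribute(KEY, context);
        }
    }

    private static Authentication stored(HttpSession session) {
        if (session == null) return null;
        Object context = session.getAttribute(KEY);
        return (context instanceof SecurityContext)
                ? ((SecurityContext) context).getAuthentication() : null;
    }
}
```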

maslovalex

Re: current user count incorrect

In reply to this post by Jason Thrasher
Hi !

Almost the same happens for me, but only under Jetty (mvn jetty:run-war).
It works fine if I run the project using mvn cargo:start -Dcargo.wait=true

thrasher wrote:
It seems like it is, but I'm getting a bug when a user's browser doesn't have any cookies set: if the user logs in, they don't show up in the list of "Current Users".  They only show up in the list if they've previously logged in, logged out, then logged back in again.  Subsequent logins thereafter work correctly.
In my case the user appears in the list if I clear the JSESSION cookie before login (I suppose a new session is created on the server side and the authenticated user is added to the session without adding the ANONYMOUS one - just a wild guess).
If I log in, then log out and log in again, the user does not appear in the list.

When running the application under Tomcat (using cargo) everything works fine (or at least as I imagine it is supposed to work).
So it is interesting: is it Jetty or something in AppFuse?

Best Regards,
  Alex


maslovalex

Re: current user count incorrect

Hi.

maslovalex wrote:
In my case the user appears in the list if I clear the JSESSION cookie before login (I suppose a new session is created on the server side and the authenticated user is added to the session without adding the ANONYMOUS one - just a wild guess).
If I log in, then log out and log in again, the user does not appear in the list.

When running the application under Tomcat (using cargo) everything works fine (or at least as I imagine it is supposed to work).
So it is interesting: is it Jetty or something in AppFuse?
Running under Jetty UserCounterListener.attributeReplaced(...) never fires up, but does quite a lot running under Tomcat.

Best Regards,
  Alex
maslovalex

Re: current user count incorrect

In reply to this post by mraible
Hi.

I did try to integrate somehow MessAdmin in a way that we stay with the same pages and functionality.
Unfortunately clickstreams plugin for messadmin does not provide Bot/notBot functionality (at least at first glance).

Some steps to accomplish it:
1. add dependency  to pom.xml (in web module in case of modular project)
    <dependency>
      <groupId>net.sourceforge.messadmin</groupId>
      <artifactId>MessAdmin-Core</artifactId>
      <version>4.0</version>
    </dependency>
    <dependency>
      <groupId>net.sourceforge.messadmin</groupId>
      <artifactId>MessAdmin-ClickStream</artifactId>
      <version>4.0</version>
    </dependency>
2. Add filter to web.xml (just after securityFilter):
    <!-- MessAdmin Servlet Filter -->
    <filter>
      <filter-name>MessAdminFilter</filter-name>
      <filter-class>clime.messadmin.filter.MessAdminFilter</filter-class>
    </filter>
3. Add filter mapping to web.xml:
    <filter-mapping>
      <filter-name>MessAdminFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
4. and listener:
    <!-- MessAdmin listener -->
    <listener>
      <listener-class>clime.messadmin.core.MessAdminListener</listener-class>
    </listener>
5. change  struts.xml :

    <package name="admin" extends="default" namespace="/admin">
                 
         ....

        <action name="activeUsers"
            class="org.appfuse.webapp.action.ActiveUsers">
            <interceptor-ref name="adminCheck" />
            <result name="success">
                /WEB-INF/pages/activeUsers.jsp
            </result>
        </action>

         <action name="clickstreams"
            class="com.opensymphony.xwork2.ActionSupport">
            <interceptor-ref name="adminCheck" />
            <result name="success">
                /WEB-INF/pages/admin/clickstreams.jsp
            </result>
        </action>

         <action name="viewstream"
            class="com.opensymphony.xwork2.ActionSupport">
            <interceptor-ref name="adminCheck" />
            <result name="success">
                /WEB-INF/pages/admin/viewstream.jsp
            </result>
        </action>

        .....

    </package>
6. use changed JSPs and new ActionClass (may be changed to script in jsp). See attached archive.

Hope explanation is not so tangled and will make some start for more tight integration with MessAdmin if you decide to go with it.
Some known issue:
  I did use <displaytag:column autolink="true"> for showing requests. The Clickstream plugin for MessAdmin produces this info as an ordered list (with all needed HTML tags) and displaytag autolink treats </li> as part of the link. As a result - Page Not Found.

- Alex
appFuse_MessAdmin.tar.gz
P.S.
 I'm using Struts2 and all admin stuff was moved under the admin namespace.
 
mraible wrote:
If you figure out a solution for this, let us know. I don't know of a
good solution, but MessAdmin may solve this by providing a more
accurate count of active sessions.  If we integrate it, we can remove
clickstream and activeUsers.  Of course, it may introduce a whole
bunch of new pages - I don't know, I haven't tried to integrate it
yet.

http://messadmin.sf.net

Matt
maslovalex

Re: current user count incorrect

Hi.

In the previous message, the prepare method of the ActiveUsers action needs, to work properly, to be changed to:
        @SuppressWarnings("unchecked")
        public void prepare() throws Exception {
                // All sessions MessAdmin currently tracks for this web application
                Set<Session> sessions = Server.getInstance().getApplication(servletContext).getActiveSessions();

                activeSessions = new HashSet<ISessionInfo>();
                for (Session aSession : sessions) {
                        ISessionInfo sessionInfo = aSession.getSessionInfo();
                        Principal userPrincipal = sessionInfo.getUserPrincipal();
                        // Keep only sessions that carry an authenticated principal
                        if (userPrincipal != null) {
                                activeSessions.add(sessionInfo);
                        }
                }
        }

Otherwise activeUsers.html will show not only sessions with authenticated users but anonymous also.

The filter definition for MessAdmin might be put somewhere before securityFilter (maybe same place as clickstream filter now).

-Alex

mraible

Re: current user count incorrect

In reply to this post by maslovalex
I've entered this as an issue and will be fixing it in Subversion shortly.

http://issues.appfuse.org/browse/APF-741

Matt

maslovalex wrote:
Hi.

maslovalex wrote:
In my case the user appears in the list if I clear the JSESSION cookie before login (I suppose a new session is created on the server side and the authenticated user is added to the session without adding the ANONYMOUS one - just a wild guess).
If I log in, then log out and log in again, the user does not appear in the list.

When running the application under Tomcat (using cargo) everything works fine (or at least as I imagine it is supposed to work).
So it is interesting: is it Jetty or something in AppFuse?
Running under Jetty UserCounterListener.attributeReplaced(...) never fires up, but does quite a lot running under Tomcat.

Best Regards,
  Alex