• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

User Athentication ( Login / Password )

 
Siyaram Singh
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
In our J2EE application (Without EJB), We are using database table to store and maintaine User information. But during the user athentication It allows the duplicate user (Same time more than two users with same user ID). We don't want to allow (duplicate multiple user same time) more than one user with same ID

What could be the Best approach to deal with this problem.

Solution should be light, simple and less resource consumming.

Thanks in Advance,
SS
 
Naresh Chaurasia
Ranch Hand
Posts: 361
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am suggesting you a way out. It might not be the best. There are two ways you can do this : 1. When the user logs in store the userid as a context level variable, so when the user is trying to login with the same id ,you can redirect him to a next page stating that the user is alreay logged in. 2.Another way is that that instead of maintaing the user as a context level variable you can store the status of the user id database as logged, but this is going to be more resourece intensive(since you are connecting to database).

There is one disadvantage in using the above approach.If the user does not log out and closes the window then, the same user cannot log in until the user's session is expired on the server.

If you use any of the above approach, then make sure to invalidate session/update database/context variable when the user logs out.

Hope this helps

N C
 
Siyaram Singh
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
When the user logs in store the userid as a context level varables .


Could you please give some API / method level hints / details how to store user id into Context and again check with incoming user log in, TO not allow the duplicate login oncurrently??

Regards,
SS
 
Rick O'Shay
Ranch Hand
Posts: 531
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since this happens at login time only you can set a flag in the user's database record: space efficient and inconsequential time wise since you already have to fetch that record. Brilliant!

You will also need a cookie that expires along with the session. Attempts to log back in from machines with that cookie must be allowed but only from that cookie. The IP address is no good since you could have many users behind some proxy servers with the same IP. Finally, you will have to listen for session expiration and set the user's online flag to false. That way they will be able to move to another machine and login later.

Small problem: cannot login from another machine until the session expires.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic