Hi,
can someone suggest me as to how i can make use of session variable(or some other logic) to prevent a user from logging into my system who is already logged in. I have disabled the cookies.

thnx in advance

Hi,

When user logs in, store the username as a application scope variable. So that username is availbale across all sessions and requests.
My 2 cents.

Siri.

Hi !
Just trying to understand your question.
You are trying to prevent a user from logging in who is already logged in??
Can you elaborate a bit more what you are trying to accomplish?

THanks,
Amit

Hi,
Siri, I am aware about the context variable which are initialized when in the web.xml, but not aware about other application scope variable. Can you tell more on this !!!



Amit what i am trying to do is that a user is already logged in my system and he opens other browser and logs in again. I want to prevent the second time logging of the user.

thnx in advance.

Why cant you simply check the existance of that users session?
Correct me if I'm wrong (even I'm new to all this!) but heres what I think.
On the login page you could have some check like

if request.getSession(false) returns null
then you know this is the first time a user is logging in
else
you know that he already has a session that exists and you can take the necessary action.

Anyone? Does this sound okay?
Thanks,
Amit

i meant in servletcontext scope. when the session begins store the logged username as servletcontext level scope variable .. for every new user login .. check if the user already exists and prevent him from loggin again. make sure to delete the user when the session ends!

Siri.

Hi Siri,

How you come to know then the session is ended by user on particular browser window?

Thanks

Use this event/method sessionDestroyed(HttpSessionEvent se) in javax.servlet.http.HttpSessionListener

to remove the context variables..

Hi Sirisha,
I guess this is what you meant : i have tried and it is working.thnx.


public class Login extends HttpServlet
{
public void init(ServletConfig sc)throws ServletException{
super.init(sc);
}

public void doGet(HttpServletRequest req,HttpServletResponse res) throws ServletException,IOException{

PrintWriter out = res.getWriter();
String userid = req.getParameter("userid");


ServletContext sctxt = getServletContext();
String uid = (String)sctxt.getAttribute("userid");

if(uid == null){
sctxt.setAttribute("userid",userid);
out.println("new userid :"+userid);
}
else if(uid.equals(userid)){
out.println("old userid : "+userid);
}

}
}


In continuation with the session management, I open browser and log into my application. After that i open another browser and try to log-in again. Will the session.isNew() return true/false when i try log-in from the different browser.

Mind you though, your code does not take care of removing the user from the servlet context when the session is over.
Siri.

What about filters ??
Can you use them to do this stuff.. have you explored em?

I havent gotten that far in my reading.. let us know if you did...

Siri

yes i will take care of removing the of removing the user from the servlet context when the session is over.Another doubt,if a user is logged in, and he closed the browser without logging out. In that case the session will be still active.If the same user opens a new browser and tries to login again(assuming that the session is still active), will he get a new session/old session,assuming cookies are enabled in the browser and still not deleted.


i have not reached filters till now and no idea how filters work.