
Login mechanism using java

 
himanshu patel
Ranch Hand
Posts: 205
Hi All,
I have a problem related to the login mechanism.
Currently, I am working on a J2EE application, which uses a login mechanism to allow users to gain access to the application. Now I need to do the following.
If a user logs in with his/her own username/password from one PC, then
(1) Application should not allow logging in with the same username/password from another PC.
(2) Application should not allow logging in with the same username/password from the same PC using another browser window.
(3) Application should be able to handle unexpected log out like shutting down the PC, crashing browser window, accidental killing of browser window etc.
I am using JSP, servlet, EJB with Oracle 9iAS as application server on Apache web server.
Using Oracle 8i database.
Can anyone suggest what could be the possible solutions to implement this efficiently?
Any suggestion is highly appreciated.
Thanks in advance.
Himanshu
 
Andy Bowes
Ranch Hand
Posts: 171
Hi Himanshu
The only way I know to do something like this is to monitor the HttpSessions that are created on the Application Server when the user logs in.
On the application server you will need to keep a list of the users that are currently logged in and add a user to this list when the user completes your authentication process. The user will need to be removed from this list when their session expires, so the list will need to hold a link between the user name and their session id.
Your authentication process will need to check the list of current users and prevent new sessions for active users.
This should give you most of your requirements; however, it is NOT possible to be informed immediately when a browser is closed/killed or crashes, only when the session expires, which is determined by the session timeout in your application.
The other is that a user will always be able to 'clone' a browser window (i.e. 'Window/New') as it will reuse the existing session.
I have seen this requirement written into user specifications so many times; however, most of the time the available loop-holes and the amount of effort involved to do it mean that it is usually a requirement that gets dropped before delivery.
HTH
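
The user-to-session list described in the reply above, as an added example that is not code from either poster. It assumes a single application-server JVM and the `javax.servlet` API; the names `ActiveUserRegistry` and `tryLogin` are hypothetical.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Added example (hypothetical class): one live session per user name.
 * Declare it as a <listener> in web.xml so the container calls
 * sessionDestroyed() on explicit logout and on session timeout.
 * Assumption: a single JVM; a cluster needs a shared store instead.
 */
public class ActiveUserRegistry implements HttpSessionListener {

    // user name -> id of the session that currently owns the login
    private static final ConcurrentMap<String, String> ACTIVE =
            new ConcurrentHashMap<String, String>();

    /**
     * Call only after the password check has succeeded.
     * Returns false if another live session already holds this user,
     * in which case the caller should refuse the login.
     */
    public static boolean tryLogin(String userName, HttpSession session) {
        // putIfAbsent is atomic, so two simultaneous logins cannot both win.
        String owner = ACTIVE.putIfAbsent(userName, session.getId());
        return owner == null || owner.equals(session.getId());
    }

    public void sessionCreated(HttpSessionEvent event) {
        // Nothing to record until a login succeeds.
    }

    public void sessionDestroyed(HttpSessionEvent event) {
        // Look up by session id only: getId() is safe even if the
        // container has already invalidated the session.
        ACTIVE.values().remove(event.getSession().getId());
    }
}
```

A user whose browser crashed stays registered until the session times out, so the timeout value decides how long the next login is refused. A cloned browser window shares the session id and therefore still passes the check.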