How to restrict the number of users connecting to my website

I want to know if i can restrict my website to take only certain number of users at a given time.

Harathi,
Welcome to JavaRanch!

I'm not sure what this has to do with JDBC. I'm going to move it to Servlets for now. If it ends up being about JDBC, someone can move it back.

Harathi,
You could do something with SessionListeners to count the users as they log in. The tricky part is knowing when they logout. If they don't explicitly log out, you have to wait for the session to time out. So keep in mind that the user count is inflated.

Why do you want to restrict the number of users?

So, there is no scope to say "stop the users from logging in", at the most what we can do is count the no. of users logged in ? is it all we can do?

No, there really isn't anything that says "No more people can log in". Jeannne's suggestion would probably be the closest to what you want along with her warning about people just closing down a browser over logging out out the app proper.

Originally posted by Harathi Rao:
So, there is no scope to say "stop the users from logging in", at the most what we can do is count the no. of users logged in ? is it all we can do?

what else you want to do? and how you gonna do that?
is there any way out, other then counting the no. of logged in users?
[ November 01, 2004: Message edited by: adeel ansari ]

Harathi,
With the count of the number of users logged in, you can display a "system is full" message instead of the login screen.

That won't prevent bazillions of people from TRYING to log in. They'll hit your login page, you'll do some processing to count users and return a "system busy" message. That's going to chew up some CPU and resources on your server. If they keep banging the refresh button hoping to be the next lucky user to get past the busy page, they'll be eating up almost as many resources as regular users. Ouch! You might need a special gateway server that does nothing but reject login requests.

Originally posted by Stan James:
That won't prevent bazillions of people from TRYING to log in. They'll hit your login page, you'll do some processing to count users and return a "system busy" message. That's going to chew up some CPU and resources on your server. If they keep banging the refresh button hoping to be the next lucky user to get past the busy page, they'll be eating up almost as many resources as regular users. Ouch! You might need a special gateway server that does nothing but reject login requests.

A home page such as the one below and a session listener which would update an application attribute "logged.user.count" for each new session created should work.

homepage.jsp

if ( Integer.parseInt( (String) application.getAttribute("logged.user.count") ) > application.getInitParameter("max.user.allowed") ) out.println("System is currently Busy") ; else request.getRequestDispatcher("Login").forward(request, response ) ;

I dont think a page such as the one above would need considerable resources on the server . I think Jeanne's approach would work....

Stan,
There isn't anything you can do about users trying to log in. That's why it's hard to deal with denial of service attacks.

Hi ,
Implement an HttpSessionListener and follow what Ajith Anand has written. This will work.

Cheers

Originally posted by Stan James:
That won't prevent bazillions of people from TRYING to log in. They'll hit your login page, you'll do some processing to count users and return a "system busy" message. That's going to chew up some CPU and resources on your server. If they keep banging the refresh button hoping to be the next lucky user to get past the busy page, they'll be eating up almost as many resources as regular users. Ouch! You might need a special gateway server that does nothing but reject login requests.

Laughing out loud.

I re-read that last sentence and thought somebody might read it to suggest rejecting ALL login attempts. That would cut down your load fer sure.

Some of these techniques will work fine if you have an office of 50 people and you only want 75 logins. But a public web site can never predict the number of potential users - maybe you'll be mentioned on The Screen Savers.