• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to identify host uniquely when a firewall is enabled?

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Does anybody know how the host is identified uniquely by the server if a firewall is enabled? Will there be any hidden parameters that will be sent across with the URL by the firewall? Is there any way to get hold of those hidden parameters?
 
vinod perla
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually I want to check whether a user has logged in from two different systems or from the same system. If the firewall is enabled it is acting as a proxy for the actual host. So how do I know this information?
 
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can not. A similar thread
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can check the browser info. But again two different browser on the same system will do the trick.
 
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There is a host hearder in the HTTP request , that might help to identify a host.

Note: host header has been introduced for virtual hosting ,so more that one host can map to a single physical machine.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If I'm not mistaken you are after client not the host. The user would be the client and your server would be the host for the user.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Rahul Bhattacharjee:
There is a host hearder in the HTTP request , that might help to identify a host.



HOST field wouldn't help here. If you make a request to "http://www.javaranch.com" then the HOST would be "saloon.javaranch.com".

[Edited]
Host - Header Field Definitions
[ January 17, 2007: Message edited by: Adeel Ansari ]
 
vinod perla
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for the response. Is there a way to know whether a user has already logged in?

Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login
 
vinod perla
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Adeel Ansari thank you very much for the response. What you said is right I actually want to know the client. Is there a way to identify the client uniquely even when a firewall is enabled?
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vinod perla:
Adeel Ansari thank you very much for the response. What you said is right I actually want to know the client. Is there a way to identify the client uniquely even when a firewall is enabled?



There is no such way I am aware of.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vinod perla:
Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login



You can make it if you alter the requirement to be more reasonable something like below.


Block the login if the user is already logged in to the system and some other user or the same user try to log in to the system using the same login credentials.



But I wish could do that.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vinod perla:
Thank you for the response. Is there a way to know whether a user has already logged in?



No, there is no reliable way to know if a user has logged in more than once.
This question gets asked and debated quite often here and I have yet to see anyone suggest a solid method for doing this.
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Adeel Ansari:


HOST field wouldn't help here. If you make a request to "http://www.javaranch.com" then the HOST would be "saloon.javaranch.com".

[Edited]
Host - Header Field Definitions



Yes , true as what you have mentioned.
I misunderstood the question.


 
vinod perla
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I actually want the IP Address of the client machine, is it possible to get the machine name or IP Address by JavaScript?

If not can anybody suggest me some procedure to fulfill the requirement.
[ January 17, 2007: Message edited by: vinod perla ]
 
Ranch Hand
Posts: 344
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login


I don't know whether it's correct for thhis problem..

Actually You will be checking the username and password are correct from DB(or some other files/property) If it is DB, include one field which indicates user logged in(1)/logged out(0).

So when user1 is log-in, update the field to 1. So when user2 is trying to log-in, allow him only if the field is 0..
 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The problem you are describing doesn't really relate to a firewall, since a normal firewall doesn't hide or change one's IP adress which you can get from the request object. A NAT router or any kind of proxy server (forward or reverse) will hide youre clients connection.
From within javascript which runs on the client and thereby a reliable way to get the clients hostname, it is only possible in netscape to get the clients hostname.
The solution described above only solves part of the problem, you know when someone logs into the system. But since it is not possible to handle the log out or closing of the browser or ... in a reliable manner it does not work.
e.g.
User logs into the system, http session is created and entry is written into the database. Browser crashes or any other event which causes the unload not to run. The user reacts by opening a new browser and logs into the system before the http session expires (the expiration of the http session should trigger some code to change the users status inside the database) and the user will be prompted that he/she still is logged in.
There is no 100% reliable option for this, what kind of solution you take, databse, pesistent cookies or.....
 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,
when you log in sys1 in yahoo and someone tries to login from sys2,we will be automatically logged off saying that someone has logged in from other sys . how does that happen ?
 
vinod perla
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thank you for the responses so far.
I am not bothered about the logout of the user. I should not use the DB either for the flagging.
The Web servers are clustered and the session variables are not shared across web servers. In this scenario which is the best way to keep track whether a user has logged in already?
Suggest me some best way to handle the requirement.


Actual Requirement:
If a user already logged in system1 and if anybody tries logging in with the same user account in system2, an alert should be prompted saying 'A user already logged in with the same details. Do you want to terminate it or not?' Basing on its input the system should either terminate the session of the user in system1 or it should just take the user in the system2 to the login screen again.

If same thing is tried in the same system the alert shouldn�t show up and the system should allow to login

 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vinod perla:
I should not use the DB either for the flagging.


Why?

Originally posted by vinod perla:
In this scenario which is the best way to keep track whether a user has logged in already? Suggest me some best way to handle the requirement.


Database.
 
vinod perla
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Adeel Ansari: Why


The requirement is to be fixed at the web layer as I was strictly suggested not to use any DB. I can use servlets, files to hold the user info, cookies, session and whatever possible from the web layer.
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vinod perla:
The requirement is to be fixed at the web layer as I was strictly suggested not to use any DB. I can use servlets, files to hold the user info, cookies, session and whatever possible from the web layer.


Use file then.

By the way a simple definition of the Database would be,


"Database is a collection of files."


[ January 22, 2007: Message edited by: Adeel Ansari ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by vinod perla:

The Web servers are clustered and the session variables are not shared across web servers.



If this is the case, and you're not using sticky sessions at the router level, you options are very limited.
You will pretty much have to maintain state in the database (or some other shared resource on the back end).

Those requirements don't sound realistic to me.
reply
    Bookmark Topic Watch Topic
  • New Topic