• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

multiple users same username

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi everyone I have a question with a way my users are logging into my system. Some of them seem to be sharing usernames and I am looking for a opensource tool or some advice on best implementations to avoid this.

The several ideas all which have some pros/cons are

checking session id
adding the login to db and then checking if that user is logged in

has anyone ever run across this and figure out a solution that works MOST OF THE THE TIME?

thank you for all your help
 
Ranch Hand
Posts: 107
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There can be many solutions to it...

One right off my head is as follows:
1. You would be maintaining a session for each user logged in.
2. Use an HttpSessionListener to keep a track of each session being created/destroyed.
3. Maintain an ArrayList with login names of logged in users and store at application scope.
4. In sessionCreated() of HttpSessionListener, check if the user already exists. If yes, it means it is a second login with the same user ID, have your business logic to handle this case. Else add a user in the list and proceed as normal flow.
5. In sessionDestroyed(), remove the user from the List.

Of course there are things you need to consider:
1. Is the application on distributed system.
2. Have a session timeout configured to a short value. Cause if the user closes the browser without a logout, the session will not be destroyed right away. This will not allow the user to login again. (You can trap the browser close event in javascript though and display appropriate message).
 
reply
    Bookmark Topic Watch Topic
  • New Topic