posted 17 years ago
There can be many solutions to it...
One right off my head is as follows:
1. You would be maintaining a session for each user logged in.
2. Use an HttpSessionListener to keep a track of each session being created/destroyed.
3. Maintain an ArrayList with login names of logged in users and store at application scope.
4. In sessionCreated() of HttpSessionListener, check if the user already exists. If yes, it means it is a second login with the same user ID, have your business logic to handle this case. Else add a user in the list and proceed as normal flow.
5. In sessionDestroyed(), remove the user from the List.
Of course there are things you need to consider:
1. Is the application on distributed system.
2. Have a session timeout configured to a short value. Cause if the user closes the browser without a logout, the session will not be destroyed right away. This will not allow the user to login again. (You can trap the browser close event in javascript though and display appropriate message).
Sunil.V<br />SCJP2, SCWCD1.4, SCBCD1.3