Hi everyone, I have a question about the way my users are logging into my system. Some of them seem to be sharing usernames, and I am looking for an open-source tool or some advice on best implementations to avoid this.
The several ideas, all of which have some pros/cons, are:
checking session id adding the login to db and then checking if that user is logged in
Has anyone ever run across this and figured out a solution that works MOST OF THE TIME?
One right off the top of my head is as follows:
1. You would be maintaining a session for each user logged in.
2. Use an HttpSessionListener to keep track of each session being created/destroyed.
3. Maintain an ArrayList with login names of logged-in users and store it at application scope.
4. In sessionCreated() of HttpSessionListener, check if the user already exists. If yes, it means it is a second login with the same user ID; have your business logic handle this case. Else add the user to the list and proceed with the normal flow.
5. In sessionDestroyed(), remove the user from the List.
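One way to implement the listener approach from the answer above, as an added example that is not part of the original post. It assumes Jakarta Servlet 5 or later (use `javax.servlet` on Servlet 4.0) and that the login code stores the name under a hypothetical `loginName` session attribute; because the login name is not yet known when `sessionCreated()` fires, the duplicate check runs when that attribute is set, and the policy chosen here is that the newest login ends the older session.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import jakarta.servlet.annotation.WebListener;
import jakarta.servlet.http.HttpSession;
import jakarta.servlet.http.HttpSessionAttributeListener;
import jakarta.servlet.http.HttpSessionBindingEvent;
import jakarta.servlet.http.HttpSessionEvent;
import jakarta.servlet.http.HttpSessionListener;

// Added example: allow one live session per login name.
@WebListener
public class SingleLoginListener implements HttpSessionListener, HttpSessionAttributeListener {

    // Assumption: after authentication the login code calls
    // session.setAttribute("loginName", name). The attribute name is hypothetical.
    static final String LOGIN_ATTR = "loginName";

    // Thread-safe stand-in for the application-scope list: login name -> live session.
    private static final ConcurrentMap<String, HttpSession> ACTIVE = new ConcurrentHashMap<>();

    @Override
    public void attributeAdded(HttpSessionBindingEvent event) {
        if (!LOGIN_ATTR.equals(event.getName())) {
            return; // some other attribute, not a login
        }
        HttpSession current = event.getSession();
        // Atomically register this session and fetch whichever one held the name before.
        HttpSession previous = ACTIVE.put((String) event.getValue(), current);
        if (previous != null && !previous.getId().equals(current.getId())) {
            try {
                previous.invalidate(); // second login with the same name: end the older session
            } catch (IllegalStateException alreadyInvalidated) {
                // the older session expired on its own in the meantime
            }
        }
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession ending = event.getSession();
        Object name = ending.getAttribute(LOGIN_ATTR);
        if (name != null) {
            // Remove the entry only if it still points at the session that is ending,
            // so invalidating an old session never unregisters its replacement.
            ACTIVE.computeIfPresent((String) name,
                    (k, live) -> live.getId().equals(ending.getId()) ? null : live);
        }
    }
}
```

To reject the second login instead of ending the first, check `ACTIVE` in the login code before setting the attribute; the map is per JVM, so a clustered deployment needs a shared store.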