Win a copy of Five Lines of Code this week in the OO, Patterns, UML and Refactoring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

how to reject multiple logins

 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,

here is the situation.

in my application, ill login with my credentials. at the same time if i open another browser/browser in another system and try to login with same credentials, it should redirect to login page saying "user already logged in". what are the possible solutions to implement this...please suggest me..thanks in advance
 
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

You can keep a flag in the database to signify the user is already authenticated.
And when the user tries to login again you can check it with this flag.
 
Ranch Hand
Posts: 689
Scala Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

If you don't want to use database just make one login filter which check before login and that filter contains one session map at Application context level.

when user login add user session or to that map or list.

So when you login again it check map or list contains user session or not.

remember one thing at logout time make use same filter with another condition and just update list or map and remove user session from the list or map.


That's way you can also get your way.....

 
Rancher
Posts: 43016
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

You can keep a flag in the database to signify the user is already authenticated.
And when the user tries to login again you can check it with this flag.


The problem with this is that it locks out users that are in the habit of simply closing browser windows instead of explicitly clicking on the "logout" button. Even if you have a timer that automatically clears these flags every hour or so (or if the user session expires), you're still locking out the user for that time frame.

A better solution would be to check whether the user is logged in already, and invalidate the previous session.

But the important question is: Why do you want to prevent this? What's wrong with a user having two open sessions?
 
ash chowdary
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what if i close the browser without clicking logout, at that time i won't be able to remove my userid from session map.....then what should i do?
 
Nishan Patel
Ranch Hand
Posts: 689
Scala Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

You can configure session time out at web.xml. So that if some one direct close browser without click on sign out then after your define time at web.xml user will log out after some time.

 
Mohamed Inayath
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have a Session Listener when session gets invalidated/destroyed then remove the id from the application context.
 
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Nishan Patel wrote:
You can configure session time out at web.xml. So that if some one direct close browser without click on sign out then after your define time at web.xml user will log out after some time.



inbetween time, he can login right?
 
Nishan Patel
Ranch Hand
Posts: 689
Scala Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

If session already available and he or she use same browser then no need to login again. Other wise if session destroy and finished by web xml time out then user has to login again.

 
Bartender
Posts: 3648
16
Mac OS X Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Apart from using filters, you can consider a set in your servlet to store the usernames. This set must then be shared throughout the application. I did a similar thing with EJB.

For the session timeout, you can use the sessionDestroy method if the user did not logout.
 
Nishan Patel
Ranch Hand
Posts: 689
Scala Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

I think the best suitable way is depend upon your application.

If there are no many database transaction in your application then i think take one filed in database when user login update this field and check at login time.

And if you dont want database transaction then use filter or other solution you get.


 
Please do not shoot the fish in this barrel. But you can shoot at this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic