Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

how to reject multiple logins  RSS feed

 
ash chowdary
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,

here is the situation.

in my application, ill login with my credentials. at the same time if i open another browser/browser in another system and try to login with same credentials, it should redirect to login page saying "user already logged in". what are the possible solutions to implement this...please suggest me..thanks in advance
 
Mohamed Inayath
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

You can keep a flag in the database to signify the user is already authenticated.
And when the user tries to login again you can check it with this flag.
 
Nishan Patel
Ranch Hand
Posts: 689
Eclipse IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

If you don't want to use database just make one login filter which check before login and that filter contains one session map at Application context level.

when user login add user session or to that map or list.

So when you login again it check map or list contains user session or not.

remember one thing at logout time make use same filter with another condition and just update list or map and remove user session from the list or map.


That's way you can also get your way.....

 
Ulf Dittmer
Rancher
Posts: 42972
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can keep a flag in the database to signify the user is already authenticated.
And when the user tries to login again you can check it with this flag.

The problem with this is that it locks out users that are in the habit of simply closing browser windows instead of explicitly clicking on the "logout" button. Even if you have a timer that automatically clears these flags every hour or so (or if the user session expires), you're still locking out the user for that time frame.

A better solution would be to check whether the user is logged in already, and invalidate the previous session.

But the important question is: Why do you want to prevent this? What's wrong with a user having two open sessions?
 
ash chowdary
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
what if i close the browser without clicking logout, at that time i won't be able to remove my userid from session map.....then what should i do?
 
Nishan Patel
Ranch Hand
Posts: 689
Eclipse IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

You can configure session time out at web.xml. So that if some one direct close browser without click on sign out then after your define time at web.xml user will log out after some time.

 
Mohamed Inayath
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have a Session Listener when session gets invalidated/destroyed then remove the id from the application context.
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nishan Patel wrote:
You can configure session time out at web.xml. So that if some one direct close browser without click on sign out then after your define time at web.xml user will log out after some time.


inbetween time, he can login right?
 
Nishan Patel
Ranch Hand
Posts: 689
Eclipse IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

If session already available and he or she use same browser then no need to login again. Other wise if session destroy and finished by web xml time out then user has to login again.

 
K. Tsang
Bartender
Posts: 3648
16
Firefox Browser Java Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Apart from using filters, you can consider a set in your servlet to store the usernames. This set must then be shared throughout the application. I did a similar thing with EJB.

For the session timeout, you can use the sessionDestroy method if the user did not logout.
 
Nishan Patel
Ranch Hand
Posts: 689
Eclipse IDE Java Scala
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

I think the best suitable way is depend upon your application.

If there are no many database transaction in your application then i think take one filed in database when user login update this field and check at login time.

And if you dont want database transaction then use filter or other solution you get.


 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!