in my application, ill login with my credentials. at the same time if i open another browser/browser in another system and try to login with same credentials, it should redirect to login page saying "user already logged in". what are the possible solutions to implement this...please suggest me..thanks in advance
You can keep a flag in the database to signify the user is already authenticated.
And when the user tries to login again you can check it with this flag.
The problem with this is that it locks out users that are in the habit of simply closing browser windows instead of explicitly clicking on the "logout" button. Even if you have a timer that automatically clears these flags every hour or so (or if the user session expires), you're still locking out the user for that time frame.
A better solution would be to check whether the user is logged in already, and invalidate the previous session.
But the important question is: Why do you want to prevent this? What's wrong with a user having two open sessions?
posted 11 years ago
what if i close the browser without clicking logout, at that time i won't be able to remove my userid from session map.....then what should i do?
Nishan Patel wrote:
You can configure session time out at web.xml. So that if some one direct close browser without click on sign out then after your define time at web.xml user will log out after some time.