Setting a flag and preventing login would be a bit troublesome sometime. For example if the browser crashes or the user wants to continue working on another PC due to any reason and has lost contact with the PC where he logged in first. The best thing would be to find the other session object and invalidate it and treat the new login as valid. THis will ensure that the user is logged in at a single location at a time.
Also allow the user to disable this capability and prevent login if required (In which case you would use a flag like Sebastian suggested.
So we have to find all the session object and confirm that whether this user is logged in or not? am i right?
Is there performance issue....
Is there any other way like using LDAP server to maintain single session(I also don't know LDAP, but somebody told me.)
Searching all session objects would be a bad idea. Just maintain a hashmap of login names and session objects in the Servlet Context. You can access the required session by providing the login name.
You will then have to write a session listener to remove the session from the map when it is getting invalidated (Either due to logout or timeout)
I dont think you need to use LDAP for something simple like this.
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop