Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Maintain Single Session Login  RSS feed

 
Ramkumar Nachimuthu
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
If any user logged in then he should not able to log in in any other browser or any other machine?
Please tell me the ways to do.

Thanks and Regards,
N.Ramkumar
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set a flag in the database for instance that the user is already logged in.

Check this once somebody logs on.
 
Maruthi Janardhan
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Setting a flag and preventing login would be a bit troublesome sometime. For example if the browser crashes or the user wants to continue working on another PC due to any reason and has lost contact with the PC where he logged in first. The best thing would be to find the other session object and invalidate it and treat the new login as valid. THis will ensure that the user is logged in at a single location at a time.
Also allow the user to disable this capability and prevent login if required (In which case you would use a flag like Sebastian suggested.
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Upon a second login, you could show a message that there is already an active session for that user, and that it has to be closed in order to continue ...
 
Ramkumar Nachimuthu
Greenhorn
Posts: 23
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So we have to find all the session object and confirm that whether this user is logged in or not? am i right?
Is there performance issue....
Is there any other way like using LDAP server to maintain single session(I also don't know LDAP, but somebody told me.)

Thanks and Regards,
N.Ramkumar
 
Maruthi Janardhan
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Searching all session objects would be a bad idea. Just maintain a hashmap of login names and session objects in the Servlet Context. You can access the required session by providing the login name.
You will then have to write a session listener to remove the session from the map when it is getting invalidated (Either due to logout or timeout)
I dont think you need to use LDAP for something simple like this.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!