I wanted to implement "multiple login prevention" logic in my application. Whenever any user will log into application system will check for same userid into user map which is stored in application scope and if it find any then it will terminate that already logged in user.
I wanted to know how I can terminate that session (another person who is already logged in) using his session id.
I would appreciate if you can put some light on this.
Thanks in advance
Why do you want to close the older login? Wouldn't that be a nasty shock to the original user?
Why not just prevent the new login - that seems to be the usual approach.
Whenever any user will log into application system will check for same userid into user map which is stored in application scope
Be warned that this maywork in a single server and will not fly in a clustered environment.
Hi , why this will not work in a clustered environment as becasue he is storing the data in a application context ??
Right - that's one reason. The application context object (or any object for that matter) is local to that jvm. In a clustered environment, the application would be deployed on mutiple server instances (multiple jvms) and each would have it's own application context object.
A second reason is that the session (and by extension the ids) are also in memory objects. Session replication is a primary feature of clustered deployments. There is no guarantee that all requests would be served by the same machine in the cluster. In another machine, on another jvm, while the replicated session would contain the same data as the original, it is an entirely different object local to that jvm and with an altogether different session id.
The application context object (or any object for that matter) is local to that jvm. In a clustered environment, the application would be deployed on mutiple server instances (multiple jvms) and each would have it's own application context object.
Thank you ramprasad the informationn was quite useful .
Sunil Chavan wrote:
you could use a HttpSessionListener to add newly created HttpSession objects to a Map
Will that create a Performance issue as I have 500 concurrent users.
That's hard to tell and depends on many things - the kind of hardware your server runs on, whether it is clustered etc.
Application servers may passivate sessions to improve performance - so if you are going to interfere with the lifecycle of container managed objects (like retaining a reference to the HttpSession object in this case), it certainly warrants some kind of performance testing.