This week's book giveaway is in the OCAJP forum.
We're giving away four copies of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) and have Khalid A Mughal & Rolf W Rasmussen on-line!
See this thread for details.
Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to prevent login by the same user from different machine

 
Shriram Pandit
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am developing web app in struts 2 and I have requirement where if user is trying to login from different machine only one session (recent) should be allowed and all other session should invalidated.


Please help me in this regard,

Really appreciate your help.

Thanks,
Shriram.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34837
369
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You 'll need to keep track of which users are logged in and a reference to their session (say by putting a random number in it that you then store in the database.) That way you know if the user comes in with a new session.
 
Shriram Pandit
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jeanne for the reply but real problem is we never know if client closes browser without properly logging out. Also do you think if it would be a overhead on database becuase every request there will database call.

Please suggest.

Thanks in advance.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34837
369
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Shriram Pandit wrote:Thanks Jeanne for the reply but real problem is we never know if client closes browser without properly logging out.

Right. But that problem isn't solvable.

Shriram Pandit wrote: Also do you think if it would be a overhead on database becuase every request there will database call.

You can cache in memory for X seconds rather than check every request. Or if you are only running on one clone/JVM, you can do the whole thing in memory. If not, what alternatives do you have? You could write to the file system, but that's not going to better.
 
Shriram Pandit
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jeanne for the Reply.

Now I am trying to convince my manager to implement this functionality using database. That would be easy as well as reliable.

Will let you know once this is done. Appreciate your help.

Cheers.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic