• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Unique Session handling

 
Ranch Hand
Posts: 83
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HI All,

I have requirement, where unique session handling is to be done,

i,e if a user 'X' is logged in to my application, he should not be allowed to login anywhere again (even in the same machine) until he closes the existing session.

I would like to have you help on how to proceed with the same.

Thanks in advance
Vaishnav
 
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here's one possible solution:
  • When the user logs on, put the user ID in a list of current users kept in Application scope (The ServletContext object)
  • Keep the current User Id as an attribute of the HTTPSession object
  • Implement an HTTPSession listener with a sessionDestroyed() method that removes the user ID from the list
  • When a user tries to log on, check to see if the user Id is in the list of current users. If it is, don't let them log on.
  • There is still at least one problem you will have to decide how to handle:

    If a user loses the connection or closes the browser accidentally, the user ID is still going to be in the list until the session times out. This could be frustrating for a user to have to wait. You may want to put up a dialog saying something like "It appears you have another session open. Only one is allowed at a time. Do you want to release the old session and start a new one now?" This at least gives someone the ability to still log on in this situation.
     
    Ranch Hand
    Posts: 3389
    Mac MySQL Database Tomcat Server
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    That seems to be the good solutios Merill.

    The last option would be more useful i guess if in case such scenario occurs.
    reply
      Bookmark Topic Watch Topic
    • New Topic