• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

I want user to not be able to login to application from two differnet browsers

 
Monica Shiralkar
Ranch Hand
Posts: 866
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want user to not be able to login to application from two different browsers open.how to do this.

thanks
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is the purpose of this requirement? It sounds a bit user-hostile.
 
Ivan Jozsef Balazs
Rancher
Posts: 982
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can keep track of the users logged in and do something against the second logging in of the same user on the application level.

In our e-banking application we threw out the first session with a warning to the second.
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Posts: 15495
43
Android IntelliJ IDE Java Scala Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Suppose that a user closes his or her browser without properly logging out. The server then doesn't know that the user doesn't have the browser open anymore. If the user re-opens the browser and tries to start a new session, would the server then tell the user that he or she is still logged in? You'd need a session timeout mechanism on the server, and even then, if the user would quickly close and re-open the browser, there would be a period that he or she cannot log in.

How did you solve that problem in your application Ivan?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65229
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's exactly how my bank's site operates and it irritates me to no end. Is irritating the customers part of the requirements?
 
Ivan Jozsef Balazs
Rancher
Posts: 982
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jesper de Jong wrote:How did you solve that problem in your application Ivan?


It is a web application inside a servlet container which provides session handling mechanism including time-out.

We keep track of the users logged in in a database, and if the same user comes again successfully from the login,
which is on the application level, then we issue a warning and disable the previous session.
Only one login of the same user can be active at any given time. It does not forcibly have to be so, but it is in this case.

We handle login on the application level: that might be important when pondering on how to implement this feature.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic