Win a copy of Testing JavaScript Applications this week in the HTML Pages with CSS and JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Carey Brown

Restrict the user to a single session at a time

 
Ranch Hand
Posts: 384
Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello all,

What I'm trying to do is to restrict the user to a single session and by that i mean to not to allow him to re-login from some other location if he's already logged in.

What I have come up for it is to create a table ... say with three columns
1. username
2. login_time
3. flag ('active','inactive')

now, whenever a user log's in a new row will be created and the flag will be set as active and when he log's out it'll changed to inactive

But the question is how will i change the flag to inactive in case the session times out.

For that, should i just check the row and the login_time to be greater than the session_timeout value or is there any other way to achieve this.

please suggest
 
author & internet detective
Posts: 40035
809
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use a HttpSessionListener to know when the session is destroyed. This won't tell you about the case where a user closes the browser and immediately opens a new browser though. The original session is still alive for X minutes. One approach is to give the user the option of killing the old session. You'll need to track more information for this approach.

The calculation you suggest won't work. What happens if a user logs in at 9am and then clicks something in your app every 10 minutes all day? The session will still be alive after the default session timeout. You'd need to track "last active time" for this rather than login time.
 
Lalit Mehra
Ranch Hand
Posts: 384
Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Jeanne,

I have actually added the same ... the HttpSessionListener but i guess i'll have to make up a few more amendments as you have now suggested one more use case to me.

Thanks
 
Something must be done about this. Let's start by reading this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic