Setting a flag and preventing login would be a bit troublesome sometime. For example if the browser crashes or the user wants to continue working on another PC due to any reason and has lost contact with the PC where he logged in first. The best thing would be to find the other session object and invalidate it and treat the new login as valid. THis will ensure that the user is logged in at a single location at a time.
Also allow the user to disable this capability and prevent login if required (In which case you would use a flag like Sebastian suggested.
Upon a second login, you could show a message that there is already an active session for that user, and that it has to be closed in order to continue ...
JDBCSupport - An easy to use, light-weight JDBC framework -
So we have to find all the session object and confirm that whether this user is logged in or not? am i right?
Is there performance issue....
Is there any other way like using LDAP server to maintain single session(I also don't know LDAP, but somebody told me.)
Searching all session objects would be a bad idea. Just maintain a hashmap of login names and session objects in the Servlet Context. You can access the required session by providing the login name.
You will then have to write a session listener to remove the session from the map when it is getting invalidated (Either due to logout or timeout)
I dont think you need to use LDAP for something simple like this.
-MJ
www.leviossa.com
It wasn't my idea to go to some crazy nightclub in the middle of nowhere. I just wanted to stay home and cuddle with this tiny ad:
a bit of art, as a gift, that will fit in a stocking