aspose file tools*
The moose likes JSP and the fly likes HOW TO RESTRICT USER FROM LOGGING FROM TWO MACHINE Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "HOW TO RESTRICT USER FROM LOGGING FROM TWO MACHINE " Watch "HOW TO RESTRICT USER FROM LOGGING FROM TWO MACHINE " New topic
Author

HOW TO RESTRICT USER FROM LOGGING FROM TWO MACHINE

Shaji Ravindran
Ranch Hand

Joined: Jan 12, 2002
Posts: 39
Hi,
Could any body tell me how can i restrict user from logging in to the server from two machines using same username and password at the same time.
Thanks
Arun Boraiah
Ranch Hand

Joined: Nov 28, 2001
Posts: 233
hi,
You can set a flag on user sucessfull login. To ensure that flag is reset even when user closes the browser(i.e, if user don't log out but just close browsing window) make use of session time out. So that if on user session is expired the flag is reset.
-arun


Sharing is learning
Shaji Ravindran
Ranch Hand

Joined: Jan 12, 2002
Posts: 39
Hi,
Thanks for the reply,but could u tell me how can i know when the session get expired so that i can reset the flag.
Thanks
Arun Boraiah
Ranch Hand

Joined: Nov 28, 2001
Posts: 233
hi,
check out getMaxInactiveInterval() method of HttpSession interface.
-arun
Arun Boraiah
Ranch Hand

Joined: Nov 28, 2001
Posts: 233
Hi,
I have one more thing to add to above said point. Assume that you set session time out for 30 min's. Due to some reason if after login user get disconnected. in this case user will not be able to login for next 30 min.
So set session time out less, if you are using above said approch.
-arun
Shaji Ravindran
Ranch Hand

Joined: Jan 12, 2002
Posts: 39
Hi,
could u elaborate on u'r concept,if u have any code please send it.Mainly the problem is how can i code for resetting the flag
Gordon Jenkinson
Greenhorn

Joined: Feb 03, 2002
Posts: 14
There's a great example of this in Professional JSP by Wrox ISBN1861003-62-5. Although this is the old one it's got stuff in there that's not in the 2nd edition. If you look at chapter 5 JSP Sessions it has an example that does exactly what you want without the restriction from multiple machines, however that would be easy to add.
From this example you can give them the option to stay logged in at the other machine or to invalidate the sesison on the other machine.
Unfortunatley I don't have the code handy but you can find it at
ftp://ftp.wrox.com/professional/3625/3625.zip.
Briefly this is how it works.
When a user logs in a User bean is instatiated with the users name and ip_address ( request.getRemoteHost() ) this is then stored in an application level bean along with the session.
If the user tries to log in again you can check to see if the user/IP combination is stored and if it is then you can either invalidate the other session ( session.invalidate() ) or not allow the login. Using this method you can also stop multiple users logging in from the same IP too.
The other benefit of this is that you can use the application level bean as a way of monitoring who is logged on.
HTH
Regards,
Gordon


Gordon Jenkinson
Arun Boraiah
Ranch Hand

Joined: Nov 28, 2001
Posts: 233
hi,
The eariler approch is not the best solution.(flag setting in db) reason is if user log's and due to some reason say server crash if flag is not reset user will not be able to login again.
There by better approch will be. You have to write a seprate helper class where in one thread will be running all the time(Call this class from login servlet init method). This thread will map session object with user id and put in a hash table. During every login you call a method which will check in the hash table for the user id and if found take the session object and invalidate it. In this way you can restirct user from logging from two machine.Also take care when user log's out or on session time out session object in the hash table is removed (this you can achive by writting a seprate helper class).
Hope this will help you. Regarding code try by your self. when you are stuck let me know.
-arun
[ February 06, 2002: Message edited by: Arun Boraiah ]
Steven Kors
Ranch Hand

Joined: Jan 30, 2002
Posts: 33
nt .. miss read the question
[ February 07, 2002: Message edited by: Steven Kors ]

Thanks,
Steven
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: HOW TO RESTRICT USER FROM LOGGING FROM TWO MACHINE