This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Actually, it is the login page, with login id and password. The user with valid login id and password can login.. So anyone got the login id and password can use the service. We wanna to control only one use are using the service. so we wanna to inactivate the first login so that the second user with valid login can continue. Thank for your suggestion. But I am still have difficult in using the sessionId to retrieve the actual object and inactive the old session The session ID is getting from the first login HttpSession session = request.getSession(true); sessionID = session.getId(); and this sessionID is put into DB, when the second user login, it will check if this user Id has login not logout. and actually, we retrieve the sessionID from DB and wanna to use it for INactivate the old session. However, I still not figure out how to do it.. Thanks for your kind help and many thanks Regards,
I authenticate user by login id and password..Thanks Dear guys, if there is duplicate login, I wanna to logout the previous login. I have the previous session ID, I wanna to know if it is possible to remove th previous session using this session id .so the the previous login will be invalidated.
[ March 09, 2005: Message edited by: grace chow ]
[ March 11, 2005: Message edited by: grace chow ] [ March 11, 2005: Message edited by: grace chow ]
if there is duplicate login, I wanna to logout the previous login. I have the previous session ID, I wanna to know if it is possible to remove th previous session using this session id .so the the previous login will be invalidated.
There is an invalidate() method in the javax.servlet.http.HttpSession object. That would probably do it. Although, if you only have the session id and not the actual object, I'm not sure if you could get the HttpSession object. You could also use setMaxInactiveInterval() when you first create the sessions to something rather brief so that the old session (presumably inactive) would expire on its own. That could cause be a problem if your users will spend a lot of time being inactive -- their sessions will keep expiring.