Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Duplicate Login

 
grace chow
Greenhorn
Posts: 13
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually, it is the login page, with login id and password.
The user with valid login id and password can login.. So anyone got the login id and password can use the service. We wanna to control only one use are using the service. so we wanna to inactivate the first login so that the second user with valid login can continue. Thank for your suggestion. But I am still have difficult in using the sessionId to retrieve the actual object and inactive the old session
The session ID is getting from the first login
HttpSession session = request.getSession(true);
sessionID = session.getId();
and this sessionID is put into DB, when the second user login, it will check if this user Id has login not logout. and actually, we retrieve the sessionID from DB and wanna to use it for INactivate the old session.
However, I still not figure out how to do it..
Thanks for your kind help and many thanks
Regards,


I authenticate user by login id and password..Thanks
Dear guys,
if there is duplicate login, I wanna to logout the previous login.
I have the previous session ID, I wanna to know if it is possible to remove th previous session using this session id .so the the previous login will be invalidated.

Regards,

[ March 09, 2005: Message edited by: grace chow ]

[ March 11, 2005: Message edited by: grace chow ]
[ March 11, 2005: Message edited by: grace chow ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How are you authenticating users?
 
H Wilson
Ranch Hand
Posts: 33
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by grace chow:

if there is duplicate login, I wanna to logout the previous login.
I have the previous session ID, I wanna to know if it is possible to remove th previous session using this session id .so the the previous login will be invalidated.


There is an invalidate() method in the javax.servlet.http.HttpSession object. That would probably do it. Although, if you only have the session id and not the actual object, I'm not sure if you could get the HttpSession object. You could also use setMaxInactiveInterval() when you first create the sessions to something rather brief so that the old session (presumably inactive) would expire on its own. That could cause be a problem if your users will spend a lot of time being inactive -- their sessions will keep expiring.

How is it your users would be logging in twice?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic