Hi , I have some servlets deployed on Tomcat server. My application requires a login id and password. Thus i have a login screen. How do i prevent 2 people from logging using the same login id and password. I thought i will have a status field in the database to show if the person is logged in. Thus if someone else logins using the same id and password , i will not let him login. And i will provide a logout button, so that a sure can logout, which will update the status field in the database. But this has a problem. what if the user juz quits the browser, without clicking the Logout button. So what do i do?? How do i really tackle this?? What is the best approach??? Regards Saj
I think, you can have a separate daemon thread running on server, which can track the time since a person is logged in. After a pre-defined time you can mark the person logged out. But this has a flaw, if you set the time as say 6 mins, then a valid user, who is working, will automatically logged out after each 6 mins. To cope up with this, can have one more additional field in database, say last activity time. The daemon thread should start counting from this time. i.e. if a user is INACTIVE for specified time he can be logged out. This imposes overhead, but if your requirements are so, you may have to go for such solution. Regards, Deeapk
Use session timeout concept.. In Detail.. 1)Set session timeout for ur application. 2)Whenever user logged in store his userId and password in Active user list..(May be in Servlet Context) 3)When some different user logged in check user name in Active list. If present already deny that (2 nd)user to login 4)now when user clicked logout remove corresponding entries from table. 5) id user clicked 'X' in browser window and exited, After session time out period delete his entries from table. 6)Even if user is working for t preiod (t>session time out time)session cannot be timed out as user sending one or other request.. Hope this helps. Rgds Manohar
Originally posted by Manohar Karamballi: Use session timeout concept.. 5) id user clicked 'X' in browser window and exited, After session time out period delete his entries from table.
I know how to set the session timeout in the Session object. What I don't know how to do is write a segment of code that will determine whether or not the session has timed out. To my knowledge, there is no method in HttpSession that indicates the time that the user originall logged in. As far as I know, I only have access to the length of the session timeout, and the current time. Is there a way to programmatically determine whether or not the user has timed out?