• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

How to impletmet the Single Sing on

 
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
Scenario
USer will open the Browser , and log on to the site from Computer C1 using USername : ADMIN

if he will open the Another Instance of the Browser from the Computer C1 (Same node) and try to log on the system using ADMIN then it must throw the error,

now current system is accepting the multipale user logging on same user from Same Node

i want to restrict the user once he will log on to the system using user ADMIn then he will not able to log on to the system from same user on same node.


how i will implement using servlet..


if anybody knows , please give some guidelines
not excepting the code....

i already try using IP address but , this solution is not the BEST whrn user will try proxy server.
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


i already try using IP address but , this solution is not the BEST whrn user will try proxy server


...and of course the IP address will be the same no matter how many browsers are opened on the same node.

You need to audit the sessions that are open. There's a number of different ways of doing this: currently the app I'm working uses a DB table which contains open sessions. The table keeps a record of user ID and session ID. Every request, after container managed security has authenticated the user, checks if the authenticated user has a currently valid session (represented by an entry in the table). If they do and the sesison ID matches then the request is passed. If they do and the session ID doesn't match, then an exception is thrown and the user is logged out.
 
Santosh Maskar
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Paul
i have a table StirCustomerMst, which is mainting the user id , and we have another table like custtxnlogin which is maintian the Session,

when user is loginged in then request will be come throug the security filet and checks the Authentication , if yes then i will update the custLoingTxn table with new session value ,


I got the Idea if u have time then please ellobrate the concept that you suggested.

Very very thanks you for this good suggestion
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic