Here is my problem: I cant allow a user to login into the system twice from different machines. I'm thinking in use a singleton that handles a HashMap with all user's login, so if the same user try to access from other machine the system will block him. I wanna know how is the best way to put the user's login out from the HashMap, once the user will never click on "logout" button to exit. Is there a eventlistener to inform the singleton that the user's session has expired?
or, if anyone have a better way to do that, please tell me!
Any chance you'll be in a clustered environment? If so you'll have to synchronize that state (who is logged on) across all servers.
I used to use a mainframe timesharing OS with a command to "log on HERE" which blew away any other session you had. It was very nice if you walked across the building to visit somebody and decided you needed to log on over there. I guess you could store a user's current location in a database to avoid synchronization across a cluster. No need to know when they log off, either.
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
Hi Romero, I agree with Stan James. I ever have had case like you when we developed a web application. We added new flag field in table USER (such as IP address or timestamp when users login). When users login, system will authenticate their user name and password. That process will also check whether the flag field has been marked or not. If yes, the system will redirect to 'error' page. If no, the system will redirect to main page.
Correct me if I am wrong... Hope this helps daniel
I am doing a similar project. But right now my problem is how would my servlet knows which page it is being redirected to?
Joined: Nov 11, 2004
Actually my application will not work in a clustered environment, so I decide to implement the HttpSessionListener interface, that tells my list of users logged that a session has been expired. So I just check if the user is in this list, if yes, the application do not allow his logon.
again, thank you all!
Joined: Jan 29, 2003
That may mean if somebody accidentally closes the browser they have to wait for the server to timeout the session before they can log in again. Be sure to test scenarios like that and make sure your users are cool with the behavior.
Joined: Nov 11, 2004
The user (my client) is satisfied with the solution, once the case that a user will have to wait the server to expire the session will be very rare due to the kind of system. If its ok to the client, the problem is solved.