• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

double login block

 
Bruno Santos
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,

Here is my problem:
I cant allow a user to login into the system twice from different machines.
I'm thinking in use a singleton that handles a HashMap with all user's login, so if the same user try to access from other machine the system will block him.
I wanna know how is the best way to put the user's login out from the HashMap, once the user will never click on "logout" button to exit. Is there a eventlistener to inform the singleton that the user's session has expired?

or, if anyone have a better way to do that, please tell me!

thanks!

* Sorry about my poor english!
 
Ron Perich
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
API for HttpSessionListener will help with some of the problem
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any chance you'll be in a clustered environment? If so you'll have to synchronize that state (who is logged on) across all servers.

I used to use a mainframe timesharing OS with a command to "log on HERE" which blew away any other session you had. It was very nice if you walked across the building to visit somebody and decided you needed to log on over there. I guess you could store a user's current location in a database to avoid synchronization across a cluster. No need to know when they log off, either.
 
Fisher Daniel
Ranch Hand
Posts: 582
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Romero,
I agree with Stan James.
I ever have had case like you when we developed a web application.
We added new flag field in table USER (such as IP address or timestamp when users login).
When users login, system will authenticate their user name and password.
That process will also check whether the flag field has been marked or not.
If yes, the system will redirect to 'error' page.
If no, the system will redirect to main page.

Correct me if I am wrong...
Hope this helps
daniel
 
Vivian Ryder
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am doing a similar project. But right now my problem is how would my servlet knows which page it is being redirected to?

Thank you

Vivian
 
Bruno Santos
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Actually my application will not work in a clustered environment, so I decide to implement the HttpSessionListener interface, that tells my list of users logged that a session has been expired.
So I just check if the user is in this list, if yes, the application do not allow his logon.

again, thank you all!

Romero Paoliello
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That may mean if somebody accidentally closes the browser they have to wait for the server to timeout the session before they can log in again. Be sure to test scenarios like that and make sure your users are cool with the behavior.
 
Bruno Santos
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The user (my client) is satisfied with the solution, once the case that a user will have to wait the server to expire the session will be very rare due to the kind of system.
If its ok to the client, the problem is solved.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic