aspose file tools*
The moose likes Servlets and the fly likes double login block Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "double login block" Watch "double login block" New topic
Author

double login block

Bruno Santos
Greenhorn

Joined: Nov 11, 2004
Posts: 7
hi all,

Here is my problem:
I cant allow a user to login into the system twice from different machines.
I'm thinking in use a singleton that handles a HashMap with all user's login, so if the same user try to access from other machine the system will block him.
I wanna know how is the best way to put the user's login out from the HashMap, once the user will never click on "logout" button to exit. Is there a eventlistener to inform the singleton that the user's session has expired?

or, if anyone have a better way to do that, please tell me!

thanks!

* Sorry about my poor english!
Ron Perich
Ranch Hand

Joined: Mar 25, 2003
Posts: 41
API for HttpSessionListener will help with some of the problem


RP
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
Any chance you'll be in a clustered environment? If so you'll have to synchronize that state (who is logged on) across all servers.

I used to use a mainframe timesharing OS with a command to "log on HERE" which blew away any other session you had. It was very nice if you walked across the building to visit somebody and decided you needed to log on over there. I guess you could store a user's current location in a database to avoid synchronization across a cluster. No need to know when they log off, either.


A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
Fisher Daniel
Ranch Hand

Joined: Sep 14, 2001
Posts: 582
Hi Romero,
I agree with Stan James.
I ever have had case like you when we developed a web application.
We added new flag field in table USER (such as IP address or timestamp when users login).
When users login, system will authenticate their user name and password.
That process will also check whether the flag field has been marked or not.
If yes, the system will redirect to 'error' page.
If no, the system will redirect to main page.

Correct me if I am wrong...
Hope this helps
daniel
Vivian Ryder
Greenhorn

Joined: Nov 12, 2004
Posts: 20
I am doing a similar project. But right now my problem is how would my servlet knows which page it is being redirected to?

Thank you

Vivian
Bruno Santos
Greenhorn

Joined: Nov 11, 2004
Posts: 7
Actually my application will not work in a clustered environment, so I decide to implement the HttpSessionListener interface, that tells my list of users logged that a session has been expired.
So I just check if the user is in this list, if yes, the application do not allow his logon.

again, thank you all!

Romero Paoliello
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
That may mean if somebody accidentally closes the browser they have to wait for the server to timeout the session before they can log in again. Be sure to test scenarios like that and make sure your users are cool with the behavior.
Bruno Santos
Greenhorn

Joined: Nov 11, 2004
Posts: 7
The user (my client) is satisfied with the solution, once the case that a user will have to wait the server to expire the session will be very rare due to the kind of system.
If its ok to the client, the problem is solved.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: double login block
 
Similar Threads
User class in class diagram
double login block
how to know which users are using in the system?
HashMap Vs HashTable
Accessing a session scoped variable anywhere outside the session scoped context