aspose file tools*
The moose likes Servlets and the fly likes Keeping track of Logged users Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Keeping track of Logged users" Watch "Keeping track of Logged users" New topic
Author

Keeping track of Logged users

kiranreddy reddy
Greenhorn

Joined: Jan 02, 2006
Posts: 11
Hello
I have a question regarding user Loggig in.

Suppose a user is logged in at a client, and if the same user id is used to login at other client, I want to log off the user who first logged in. It is something similar that happens in Yahoo Messenger.

I guess it can be done by using DB persistance to keep track of users logged in, but not quite sure how tthe client can get to know that, unless the page is refreshed in some way.


Plz post if u have any ideas
sachin yadav
Ranch Hand

Joined: Nov 24, 2005
Posts: 156
hi,

though i haven't solved such a problem but i guess if u maintain the user session in servlet context which is a unique place for a prticuler web application then u can easily track user, and do what u want. also u have to make changes in ur XML.

tell me if u figure out the problem,

bye,

sachin.
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026
You can store all the user information in a MAP(name/value pairs) and create a session for the user. If the same username/password is entered from another machine first check it against the map and if the user is already logged-in then invalidate the existing session and redirect the first user to a SessionExpired page and dump all the existing session and other stuff in to the new user.


Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
kiranreddy reddy
Greenhorn

Joined: Jan 02, 2006
Posts: 11
Thanks Sachin aand Vishnu

both the solutions look feasible... I will try if I can get it done, I will get back once its done or even not done :-)

Thanks
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

This topic has been dicussed a few times, at great length, here and in the JSP forum. In every case, I've maintained that there isn't a reliable way to do this in a webapp. I've yet to see an argument that will change my mind.

I'm not sure how easy it will be to find the threads but if you do you you'll find some pretty detailed discussions about the pitfalls and some of the recommended workarounds for them. If I get time, later today, I will see if I can dig up the threads and will post the links.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
kiranreddy reddy
Greenhorn

Joined: Jan 02, 2006
Posts: 11
hi,

I tried the follwing method

a) created a ServletContextListener class which is triggered when any attribute is modified
b) each time a user logs in add the userId to an arraylist and add the arraylist as an attribute to the servletContext
c) Now if already user "aaa" is logged in at a one client, so the array list contains "aaa". If other user "bbb" logs in it is also added to arraylist and servletcontext attribute is set again, and the class whih implements Servlet ContextListener is triggered, in which I check if there are any duplicates.

But now I am not sure how I should invalidate the session of the first user, i.e. how to call a method or a servlet or JSP which invalidates the first user and how to pass that session

do I have to map a session with userID and usea Map instead of ArrayList and use it to retrieve the required session
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Here's one thread.
I know there were several others (maybe in the JSP forum) that went on even longer.

http://www.coderanch.com/t/360305/Servlets/java/Session-Handling-restrict-only-one
dema rogatkin
Ranch Hand

Joined: Oct 09, 2002
Posts: 294
You mean solve the problem when container managed authentication used?


Tough in space?, <a href="http://tjws.sf.net" target="_blank" rel="nofollow">Get J2EE servlet container under 150Kbytes here</a><br />Love your iPod and want it anywhere?<a href="http://mediachest.sf.net" target="_blank" rel="nofollow">Check it here.</a><br /><a href="http://7bee.j2ee.us/book/Generics%20in%20JDK%201.5.html" target="_blank" rel="nofollow">Curious about generic in Java?</a><br /><a href="http://7bee.j2ee.us/bee/index-bee.html" target="_blank" rel="nofollow">Hate ant? Use bee.</a><br /><a href="http://7bee.j2ee.us/addressbook/" target="_blank" rel="nofollow">Need contacts anywhere?</a><br /><a href="http://searchdir.sourceforge.net/" target="_blank" rel="nofollow">How to promote your business with a search engine</a>
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by dema rogatkin:
You mean solve the problem when container managed authentication used?


I believe he's talking about insuring that one user can't log in from two different browsers at the same time.
dema rogatkin
Ranch Hand

Joined: Oct 09, 2002
Posts: 294
We use checking validity session id against database. Generally it isn't so much overhead considering that Amazon updates db on every click.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Keeping track of Logged users
 
Similar Threads
How to restrict duplicate login?
Session Question -- Global Sessions????
session problem
calling include again
Need to get the user id of the machine raising the request.