File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes  HttpSession  and not allowing multiple users to log  in from same browser Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark " HttpSession  and not allowing multiple users to log  in from same browser" Watch " HttpSession  and not allowing multiple users to log  in from same browser" New topic
Author

HttpSession and not allowing multiple users to log in from same browser

ganesh pol
Ranch Hand

Joined: Apr 29, 2005
Posts: 151
i want to do following thing

when ever any user try to login with different username and password from same browser my system should logged him as first user

eg
suppose i already logged in with username gp

and again try to open second browser window and try to log in with different password then my system should not all second user to logged in from same browser



while searching the net somewhere i have got code it indicates that we have to synchronized the session

i.e.


/**
* This method sets attributes in session
* @param session
* @param attribute
* @param key
*/
public static void setAttributesInSession(HttpSession session, Object attribute, String key) {
synchronized (session) {
session.setAttribute(key, attribute);
}
}

i have tried above code but it does not work

and allowing other user to logged in


please give me solution
Abhijit Sontakey
Ranch Hand

Joined: Sep 26, 2005
Posts: 67
Hi,
How is authentication done in your system?
After user has loggedinto the system, you can store the userid and passwd of the user as cookies. The servlet can then check the value of these cookies. If these cookies have value, then value in these cookies should be used for authentication.Hope this helps.

Regards
Abhijit.
Bimal Patel
Ranch Hand

Joined: Aug 29, 2003
Posts: 130
Hi,

Another thought. You can store whether the user has logged in or not in the DB itself as an extra field to the user table(or whichever you use for storing user data) like had_logged. That field would be only one character in length, [either Y or {N or nothing}].

Or, one more idea. You can store a kind of synchornized HashMap at application context level for whichever user has logged in(you can extra field that for how long he/she has logged in etc.).

I like the cookie thing but cookie acceptance can be disabled by the browser.
[ March 13, 2006: Message edited by: Bimal Patel ]

Work Hard, Expect The Worst...<br /> <br />Bimal R. Patel<br />(SCJP 1.2, SCWCD 1.4)
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

suppose i already logged in with username gp

and again try to open second browser window and try to log in with different password then my system should not all second user to logged in from same browser


Do you mean same user with different password.

Get the userName log him into session. If another user enters check whether the user has already logged in by getting the session attribute and comparing with it. If you find the userName is in session then send an error message.


Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HttpSession and not allowing multiple users to log in from same browser