Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSession and not allowing multiple users to log in from same browser

 
ganesh pol
Ranch Hand
Posts: 151
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i want to do following thing

when ever any user try to login with different username and password from same browser my system should logged him as first user

eg
suppose i already logged in with username gp

and again try to open second browser window and try to log in with different password then my system should not all second user to logged in from same browser



while searching the net somewhere i have got code it indicates that we have to synchronized the session

i.e.


/**
* This method sets attributes in session
* @param session
* @param attribute
* @param key
*/
public static void setAttributesInSession(HttpSession session, Object attribute, String key) {
synchronized (session) {
session.setAttribute(key, attribute);
}
}

i have tried above code but it does not work

and allowing other user to logged in


please give me solution
 
Abhijit Sontakey
Ranch Hand
Posts: 67
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
How is authentication done in your system?
After user has loggedinto the system, you can store the userid and passwd of the user as cookies. The servlet can then check the value of these cookies. If these cookies have value, then value in these cookies should be used for authentication.Hope this helps.

Regards
Abhijit.
 
Bimal Patel
Ranch Hand
Posts: 130
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Another thought. You can store whether the user has logged in or not in the DB itself as an extra field to the user table(or whichever you use for storing user data) like had_logged. That field would be only one character in length, [either Y or {N or nothing}].

Or, one more idea. You can store a kind of synchornized HashMap at application context level for whichever user has logged in(you can extra field that for how long he/she has logged in etc.).

I like the cookie thing but cookie acceptance can be disabled by the browser.
[ March 13, 2006: Message edited by: Bimal Patel ]
 
Vishnu Prakash
Ranch Hand
Posts: 1026
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

suppose i already logged in with username gp

and again try to open second browser window and try to log in with different password then my system should not all second user to logged in from same browser


Do you mean same user with different password.

Get the userName log him into session. If another user enters check whether the user has already logged in by getting the session attribute and comparing with it. If you find the userName is in session then send an error message.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic