wood burning stoves 2.0*
The moose likes Servlets and the fly likes Avoid login page for already logged in user Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Avoid login page for already logged in user" Watch "Avoid login page for already logged in user" New topic
Author

Avoid login page for already logged in user

Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10210
    
166

I am not very sure whether this is the correct forum to post this question. In case someone feels there is some other appropriate forum for this, please move it there.

Here's what we are trying to achieve:

- We have a J2EE application deployed on Websphere(this question is not specific to Websphere, though).
- The user is provided with a login page where he can enter his username/password and access the application.

Our requirement is if a user "xyz" logs in from one browser on a machine and then later on from some other browser(but the same machine), tries to access the application, he should NOT be shown the login page. He should be allowed to access the page directly. Briefly, if a user is already logged in from a different instance of browser, he should NOT be shown the login screen again, until he logs out.

1) Is this similar to Single SignOn(or is this completely different from Single SignOn)?
2) If yes, are there any Open Source libraries which we can use in our application to achieve this?

If not, what are the alterantives able for implementing this requirement?

Any suggestions are appreciated.


[My Blog] [JavaRanch Journal]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

If the person is using another browser instance, then you will not be able to rely on JSP sessions for this.
You would need to implement some sort of persistant cookie (like Javaranch does).


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10210
    
166

Thanks Ben Souther for answering that.

So this is no where related to Single SignOn, right?(just wanted to make sure).

Also, this appears to be application specific issue and should be handled by application specific logic, right?

Thanks for pointing to cookies. If we need to write some application specific logic of handling this, would maintaing the logged in user names in a database be a better option(in case cookies are disabled)?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Single sign on allows you to (from one browser session) access multiple webapps running under the same container without having to log into each of them separately.

In this case you want to be able to leave and come back with a different browser instance. They're not the same.
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10210
    
166

Thanks a lot for the help, Ben Souther. Those answers helped.
Joshua Cloch
Ranch Hand

Joined: Apr 27, 2006
Posts: 95
In my opinion, there are two possibilities.

1, If you use different browsers,such as IE and Firefox, the goal could hardly be achieved without using permanent data storage.

2, If you use one browser, what you need to do is to check if the user in session scope exists.


truehh@hotmail.com
Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10210
    
166

If you use one browser, what you need to do is to check if the user in session scope exists.


This cant be done since even if i am using a single browser(IE), i might open multiple *instances* of the browser. In such a case a new session will be created for the second browser instance.

As Ben Souther mentioned, cookies seem to be the answer for this requirement. And if cookies are disabled, may be rely on database.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Avoid login page for already logged in user