i have use is new method to prevent multiple loging using session .IN my application if someone login i create session object using req.getsession()and setAtrribute(userid,userid).when i will logout and again login than isnew() method return false but when i will login another time after logout or restart tomcat server than than isnew method return true but it has written false. what i will do for prventing multiple login using session in java. [ March 23, 2007: Message edited by: Bear Bibeault ]
Rather than relying on the isNew property, I test for the existence of an object bound to session. In your case, you've already said that you bind a userId to session. Just test for that. If it is null then the user is not logged in. If it is not null, then you know they are currently logged in.
I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application? I can see how it would prevent multiple logins from the same machine (assuming multiple browser windows use the same session) but not from different machines.
Actually, it doesn't. We haven't progressed that far yet. Getting to reliably tell if one user is logged in needs to be accompished first, and so far it's been pointed out that trying to use isNew() is folly.
Once we get past that hump, then we can start talking about session listeners.
Originally posted by John Simpson: I may be missing something here, but how does binding a user-id to a session prevent multiple logons by a single user to an application?
I have yet to see anyone suggest a reliable and reasonable way to prevent multiple logins using the same credentials from different machines in a web application. This conversation has occurred multiple times in this and the JSP forum (but mostly this one).
We have a pretty good search engine now so poke around a bit and see if you can find some of them. Since I always respond the same way to this question, the keyword "reliable" would probably be a good start.