aspose file tools*
The moose likes JSF and the fly likes login user at most once ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "login user at most once ?" Watch "login user at most once ?" New topic
Author

login user at most once ?

nimo frey
Ranch Hand

Joined: Jun 28, 2008
Posts: 580
Hello,

I have the following scenario:

I have a login-site with username="hello" and password="world".

Now, I open for example the mozilla-browser and login with my username and password.

All works. In the same browser, I cannot login twice. That s okay.

But when I open a other browser, for example, internet explorer, then I can login again, even when I have been looged in in the mozilla-browser. How can I avoid this?

Should I store the session of the client mozilla into the database and rewrite it, when a new session via internet-explorer starts?
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
Manitain somewhere in the application scope a Map<User, HttpSession> so that you can control over it. Let the User implement HttpSessionBindingListener so that you can control add/remove from the map. Or if you don't want to let the User implement it, then just implement a HttpSessionListener which does the removal task when the session get destroyed. Also extend the login/logout logic accordingly.
nimo frey
Ranch Hand

Joined: Jun 28, 2008
Posts: 580
hmm..I have print out my Application-Scope:



But how can I look, what value is to destroy? It must be a sessionID from this User which I have to overwrite with the newest one?
Bauke Scholtz
Ranch Hand

Joined: Oct 08, 2006
Posts: 2458
I didn't mean that. You're fairly new to the concepts, is it? I highly recommend you to dive into the basics. Over there at Sun.com there is a very good Java EE tutorial. Start reading with part II. Start learning JSP. Then Servlets. And then JSF.

After all, what is the functional requirement? Should the user get an error message or should the application logout the other user immediately with(out) notification and proceed with login?

I would add, this specific problem is not specifically related to JSF. I hope that you realize this while searching for a solution.
nimo frey
Ranch Hand

Joined: Jun 28, 2008
Posts: 580
Yes, you are right. It s not JSF-specific.

After all, what is the functional requirement?


The application should the other user logout immediately with(out) notification and proceed with login?

I use EJBs and an EJB-Container.

Maintain somewhere in the application scope a Map<User, HttpSession> so that you can control over it.


Okay, at first I store a Map in my application scope, when the User logs in.

I need a ServletContext and "setAttribute"
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletContext.html:

Binds an object to a given attribute name in this servlet context. If the name specified is already used for an attribute, this method will replace the attribute with the new to the new attribute.


I call something like



I have tried to get the application with



But it does not work! (I have not implement it into a Servlet, I implement it in a ManagedBean).

However, assume it is working, then I can call the HttpSessionListener: when the same User registers twice, the Session of the User before is overwritten and hence destroyed, when I do this method in my login-logic:

application.setAttribute(User, Session)

So when the Value of the Users Session changes, then the HttpSessionListener calls the sessionDestroyed-Method..

Is this the right way. Have I better possibilities to do that?
nimo frey
Ranch Hand

Joined: Jun 28, 2008
Posts: 580
okay, now I am able to get all the values from session and application via externalContext..
rahulJ james
Ranch Hand

Joined: Oct 03, 2008
Posts: 123
Is it possible for you to share the code for logout
nimo frey
Ranch Hand

Joined: Jun 28, 2008
Posts: 580
I do not have the code anymore, but I can tell you, how I have solved it:

I had SessionListener and stored all the created Sessions in a Map with the actual Login-Name. When the User tries to login again in another browser, then I check, if the users login name is in the map and, if so, I destroy the session stored in the map associated with the username via:



After that, I store the actual session with the same username in the map again and do the login.

That was it.

Hope it helps.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: login user at most once ?
 
Similar Threads
IE is launched(teases me) automatically!
regarding cookies
session gets killed automatically
About Server/client Application
Two requests from two different browsers can be in same session??