aspose file tools *
The moose likes Servlets and the fly likes Disable multiple logins by a user in java web application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Disable multiple logins by a user in java web application" Watch "Disable multiple logins by a user in java web application" New topic
Author

Disable multiple logins by a user in java web application

Anand Loni
Ranch Hand

Joined: Jan 20, 2006
Posts: 150
Hello,

I want to disable multiple logins for a user. If A user logs into application, he should not able to login to application from different browser/machine.

My application uses Weblogic server for authentication, application built on struts, spring and hibernate.

Is there any way in weblogic where I can achieve this ? If not how I can handle this in my application.

Regards,


~ Anand,
SCJP 1.5, SCWCD 1.5
Pravin Shirke
Ranch Hand

Joined: Apr 05, 2008
Posts: 150

Hi Anand,
I think what you can do is if a user is logged in to the system then create a flag in db and set it to some value that it has logged in and when he/she tries for login again from different machine check the flag if its set to the logged in value. if its set to login value block the user else login successful.

Hope this solves your problem


[Vipassana] - It is seeing the reality as it is, And not as you want it to be.!!!
SCJP1.5.
Srikanth Kumar
Ranch Hand

Joined: Jun 04, 2008
Posts: 36
You can also achieve the same thing by caching the user context, if flag in the database is not applicable.


Srikanth Kumar
SCJP 5, SCWCD 5, SCDJWS 5
Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

Srikanth Kumar wrote:You can also achieve the same thing by caching the user context, if flag in the database is not applicable.

Could you elaborate it? How can we use this?

Thanks!


|BSc in Electronic Eng| |SCJP 6.0 91%| |SCWCD 5 92%|
Srikanth Kumar
Ranch Hand

Joined: Jun 04, 2008
Posts: 36
For caching you need to use any third party free wares like open symphony. Once the user logs in to the application, you create an object with the user information. this object resides in the cache till user logs out of the application. If the user requests to login into the application then check in the cache for the object. if exists does not allow, otherwise log the user in.
Hope this is helpful.
Abimaran Kugathasan
Ranch Hand

Joined: Nov 04, 2009
Posts: 2066

So, we need a lot of memory space? Is there any real web application use this? I think, G mail don't use this!

Thanks!
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

What makes you think a cache is in-memory? And why would it need a lot of space to cache a logged in principal?


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

pravin shirke wrote:Hi Anand,
I think what you can do is if a user is logged in to the system then create a flag in db and set it to some value that it has logged in and when he/she tries for login again from different machine check the flag if its set to the logged in value. if its set to login value block the user else login successful.

Hope this solves your problem


Remember you'll need to clear this value when a session times out too. Otherwise you are trusting the client to state when they've logged out, which might not be that dependable. Also a fairly brief session timeout value is probably required.

An alternative approach would be to warn the user they are already logged in and overwrite any session state if they decide to proccede.
Srikanth Kumar
Ranch Hand

Joined: Jun 04, 2008
Posts: 36
Gmail uses cookies, if i am not wrong.
Ravi Kiran Va
Ranch Hand

Joined: Apr 18, 2009
Posts: 2234

Use a ApplicationController , which will be responsible to store all the logged requests in a ArrayList .
So for every request , chck the username inside the ArrayList first then do what ever operation you want .


Save India From Corruption - Anna Hazare.
Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

You can create a Listener/Filter and check if they user is already logged. You can create cookie. It's up to you.

I believe that what Ravi Kiran said it's the easier.


[uaiHebert.com] [Full WebApplication JSF EJB JPA JAAS with source code to download] One Table Per SubClass [Web/JSF]
 
 
subject: Disable multiple logins by a user in java web application