• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Disable multiple logins by a user in java web application

 
Anand Loni
Ranch Hand
Posts: 150
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I want to disable multiple logins for a user. If A user logs into application, he should not able to login to application from different browser/machine.

My application uses Weblogic server for authentication, application built on struts, spring and hibernate.

Is there any way in weblogic where I can achieve this ? If not how I can handle this in my application.

Regards,
 
Pravin Shirke
Ranch Hand
Posts: 152
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Anand,
I think what you can do is if a user is logged in to the system then create a flag in db and set it to some value that it has logged in and when he/she tries for login again from different machine check the flag if its set to the logged in value. if its set to login value block the user else login successful.

Hope this solves your problem
 
Srikanth Kumar
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can also achieve the same thing by caching the user context, if flag in the database is not applicable.
 
Abimaran Kugathasan
Ranch Hand
Posts: 2066
Clojure IntelliJ IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Srikanth Kumar wrote:You can also achieve the same thing by caching the user context, if flag in the database is not applicable.

Could you elaborate it? How can we use this?

Thanks!
 
Srikanth Kumar
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For caching you need to use any third party free wares like open symphony. Once the user logs in to the application, you create an object with the user information. this object resides in the cache till user logs out of the application. If the user requests to login into the application then check in the cache for the object. if exists does not allow, otherwise log the user in.
Hope this is helpful.
 
Abimaran Kugathasan
Ranch Hand
Posts: 2066
Clojure IntelliJ IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So, we need a lot of memory space? Is there any real web application use this? I think, G mail don't use this!

Thanks!
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What makes you think a cache is in-memory? And why would it need a lot of space to cache a logged in principal?
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
pravin shirke wrote:Hi Anand,
I think what you can do is if a user is logged in to the system then create a flag in db and set it to some value that it has logged in and when he/she tries for login again from different machine check the flag if its set to the logged in value. if its set to login value block the user else login successful.

Hope this solves your problem


Remember you'll need to clear this value when a session times out too. Otherwise you are trusting the client to state when they've logged out, which might not be that dependable. Also a fairly brief session timeout value is probably required.

An alternative approach would be to warn the user they are already logged in and overwrite any session state if they decide to proccede.
 
Srikanth Kumar
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Gmail uses cookies, if i am not wrong.
 
Ravi Kiran Va
Ranch Hand
Posts: 2234
Eclipse IDE Firefox Browser Redhat
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Use a ApplicationController , which will be responsible to store all the logged requests in a ArrayList .
So for every request , chck the username inside the ArrayList first then do what ever operation you want .
 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can create a Listener/Filter and check if they user is already logged. You can create cookie. It's up to you.

I believe that what Ravi Kiran said it's the easier.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic