mohana krishna wrote: Create a table in the database.
When a user logs in, enter the data into the table.
If the same user tries to log in, check whether data is already present for that user in the database.
If data is already present, display a message to the user stating that you have already logged in.
When the user logs off from the session, delete the data from the database.
When the session expires, delete the data in the database using a Session Listener.
If the user closes the session abnormally, use a separate application to unlock (delete the data from the database) the application.
--Mohan
This is a nice design. However, it can be modified slightly to avoid a special unlocking application:
Add an autoincrement field in the table called e.g. SESSIONID.
When the user logs in, remember the generated SESSIONID in the application.
Modify every database operation to verify that the SESSIONID stored in the application still exists in the table. If it does not, throw an exception ("User session was terminated").
When the user logs in, verify that he is not already logged in. If he is, offer him to remove the old login record and add a new one, thus killing the previous session.
Logging off and session expiration without change.
This way, every user can 'kill' his own sessions. Since the user has been authenticated (I presume), he cannot do harm to any other user. No need to have a special application or privileged user to unlock accounts. Care needs to be taken with database locking while modifying the login table to make this work.
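A sketch of the SESSIONID design described in the reply above, added here as an illustration and not code from either poster. It uses Python with an in-memory SQLite database as a stand-in for the application's real database; the table name `logins`, the function names and the `UNIQUE` constraint used to handle the locking concern are assumptions.

```python
import sqlite3

class SessionTerminated(Exception):
    """The SESSIONID held by this application instance is no longer in the table."""

class AlreadyLoggedIn(Exception):
    """A login record for this user already exists."""

def open_db():
    # isolation_level=None: transactions are opened and closed explicitly below.
    db = sqlite3.connect(":memory:", isolation_level=None)
    # AUTOINCREMENT never reuses a value, so a killed SESSIONID cannot come back.
    # UNIQUE(username) lets the database itself refuse a second live login.
    db.execute("CREATE TABLE logins ("
               "sessionid INTEGER PRIMARY KEY AUTOINCREMENT, "
               "username TEXT NOT NULL UNIQUE)")
    return db

def login(db, username, replace_old=False):
    """Return the new SESSIONID. replace_old=True kills the user's previous session."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock before delete-then-insert
    try:
        if replace_old:
            db.execute("DELETE FROM logins WHERE username = ?", (username,))
        try:
            cur = db.execute("INSERT INTO logins (username) VALUES (?)", (username,))
        except sqlite3.IntegrityError:
            raise AlreadyLoggedIn(username) from None
        db.execute("COMMIT")
        return cur.lastrowid
    except BaseException:
        db.execute("ROLLBACK")
        raise

def require_session(db, sessionid):
    """Call at the start of every database operation."""
    row = db.execute("SELECT 1 FROM logins WHERE sessionid = ?",
                     (sessionid,)).fetchone()
    if row is None:
        raise SessionTerminated("User session was terminated")

def logout(db, sessionid):
    # Log-off and session expiry both end up here.
    db.execute("DELETE FROM logins WHERE sessionid = ?", (sessionid,))
```

Because the uniqueness check is enforced by the constraint inside one transaction, two simultaneous logins for the same user cannot both insert a row.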