aspose file tools*
The moose likes Servlets and the fly likes how we can do that when one user is log successfully Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "how we can do that when one user is log successfully" Watch "how we can do that when one user is log successfully" New topic
Author

how we can do that when one user is log successfully

shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 49

Dear all

first i want to elaborate the scenario
it is like that when one user for example user A HAS USERNAME:ANURAG & PASSWORD: UITK

HE IS ALREADY LOGIN SUCCESSFULLY IN APPLICATION HE SURFING THE WEBSITE.

THEN if another person B TRYING TO LOGIN INTO THE APPLICATION BY THE USE OF THE PERSON A USERNAME AND PASSWORD

then during this i want that person B GET A MESSAGE LIKE THIS "U ARE ALREADY LOGIN " .

MEANS HOW WE ENSURE THAT SEESION MANAGEMENT VERIFY THE UNIQUE USER_ID MEANS NO OTHER CAN BE LOG ON WHEN THAT USERID IS ALREADY LOG IN.

THANKS
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61648
    
  67

You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked. You'll either need to keep information in the application context to check against, or perhaps even in the DB.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 49
Bear Bibeault wrote:You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked.

You'll either need to keep information in the application context to check against, or perhaps even in the DB.



sorry for uppercase letter writing my humble for elaborate the concept behind your idea . means let us suppose we has a table current_user

which has field user_id , application_id , session _id ,

and the sessionid is generated from container when user A is login for their user_id and this information is save in this table like this
test , school, jsesso12345 ,

m eans when user is login then we can check it for user_id exist or not in that table but my doubt is that when the second time user is login then this user_id is already exist for same user so how can he will be able to login for the second time .

please suggest me

thanks and sorry for uppercase
olivier dutranoit
Ranch Hand

Joined: Aug 20, 2011
Posts: 81

Bear Bibeault wrote:You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked. You'll either need to keep information in the application context to check against, or perhaps even in the DB.


true, another issue is the session-timeout.
You cannot track exactly when a user leaves the app, to allow another one!
(Unless they invoke a "logout"-function, and still...)
shyam ji gautam
Ranch Hand

Joined: Sep 17, 2011
Posts: 49
olivier dutranoit wrote:
Bear Bibeault wrote:You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked. You'll either need to keep information in the application context to check against, or perhaps even in the DB.


true, another issue is the session-timeout.
You cannot track exactly when a user leaves the app, to allow another one!
(Unless they invoke a "logout"-function, and still...)



so what will be the solution for this according to your idea my humble request is that please elaborate me the solution with your view.
means what things i will be follow to fulfil this requirement.

thanks
abani patra
Ranch Hand

Joined: Oct 11, 2011
Posts: 70
Hi,
I just want to a add a bit to other posting get as replied for this.
You can use boolean field called loged_in where you will store the validated value of a user true or false according.
So whenever a request come for login check that one first then if already login you can redirect him/her to welcome page.
When logout you can make this filed to false.
Kumaravadivel Subramani
Ranch Hand

Joined: Jul 05, 2008
Posts: 166

Hi,
As Bear Bibeault said, you can have the user_name in the web application context when the session created successfully for that user. So you can cross-check the logged users and say already your session exists if an entry exists.
First it will create the following problems,
1. Performance problem due to cross-checks for logged users.
2. If the user has given wrong password with user name and not deleted the entry from session, then he won't able to login again before web application/session timeout ends. (To avoid this you could have listeners to end up session entry)
But if you wanna to restrict the users then you have to go implement any of these with greater flexibility with high performance. Hope this helps.


No pain, No gain.
OCJP 1.6
Ashish Hiriadka
Greenhorn

Joined: Feb 27, 2011
Posts: 5
I guess we can use HttpSessionListener. When User logs in we can make entry in DB. This can be used to check whether the user is already logged in. In HttpSessionListener.sessionDestroyed() method you can delete entry from Table. Correct me if i am Wrong
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61648
    
  67

Bad idea. You should not tie user login to session creation and removal. You have little control over that.

Rather. use scoped variables placed into the session to indicate whether a user is authenticated or not.
César Guzmán
Greenhorn

Joined: Mar 08, 2009
Posts: 29
And what if we use load balance with two of more app servers synchronized? using session variables can work weird, maybe one server removes the variables but the other one may not.


SCJP 5, SCWCD 5
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how we can do that when one user is log successfully