| Author |
how we can do that when one user is log successfully
|
shyam ji gautam
Ranch Hand
Joined: Sep 17, 2011
Posts: 46
|
|
Dear all
first i want to elaborate the scenario
it is like that when one user for example user A HAS USERNAME:ANURAG & PASSWORD: UITK
HE IS ALREADY LOGIN SUCCESSFULLY IN APPLICATION HE SURFING THE WEBSITE.
THEN if another person B TRYING TO LOGIN INTO THE APPLICATION BY THE USE OF THE PERSON A USERNAME AND PASSWORD
then during this i want that person B GET A MESSAGE LIKE THIS "U ARE ALREADY LOGIN " .
MEANS HOW WE ENSURE THAT SEESION MANAGEMENT VERIFY THE UNIQUE USER_ID MEANS NO OTHER CAN BE LOG ON WHEN THAT USERID IS ALREADY LOG IN.
THANKS
|
 |
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56192
|
|
|
You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked. You'll either need to keep information in the application context to check against, or perhaps even in the DB.
|
[Smart Questions] [JSP FAQ] [Books by Bear] [Bear's FrontMan] [About Bear]
|
|
shyam ji gautam
Ranch Hand
Joined: Sep 17, 2011
Posts: 46
|
|
Bear Bibeault wrote:You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked.
You'll either need to keep information in the application context to check against, or perhaps even in the DB.
sorry for uppercase letter writing my humble for elaborate the concept behind your idea . means let us suppose we has a table current_user
which has field user_id , application_id , session _id ,
and the sessionid is generated from container when user A is login for their user_id and this information is save in this table like this
test , school, jsesso12345 ,
m  eans when user is login then we can check it for user_id exist or not in that table but my doubt is that when the second time user is login then this user_id is already exist for same user so how can he will be able to login for the second time .
please suggest me
thanks and sorry for uppercase
|
|
olivier dutranoit
Ranch Hand
Joined: Aug 20, 2011
Posts: 81
|
|
Bear Bibeault wrote:You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked. You'll either need to keep information in the application context to check against, or perhaps even in the DB.
true, another issue is the session-timeout.
You cannot track exactly when a user leaves the app, to allow another one!
(Unless they invoke a "logout"-function, and still...)
|
|
shyam ji gautam
Ranch Hand
Joined: Sep 17, 2011
Posts: 46
|
|
olivier dutranoit wrote:
Bear Bibeault wrote:You can;t do that just with the session because each client will gets unique session and they cannot be cross-checked. You'll either need to keep information in the application context to check against, or perhaps even in the DB.
true, another issue is the session-timeout.
You cannot track exactly when a user leaves the app, to allow another one!
(Unless they invoke a "logout"-function, and still...)
so what will be the solution for this according to your idea my humble request is that please elaborate me the solution with your view.
means what things i will be follow to fulfil this requirement.
thanks
|
|
abani patra
Ranch Hand
Joined: Oct 11, 2011
Posts: 70
|
|
Hi,
I just want to a add a bit to other posting get as replied for this.
You can use boolean field called loged_in where you will store the validated value of a user true or false according.
So whenever a request come for login check that one first then if already login you can redirect him/her to welcome page.
When logout you can make this filed to false.
|
|
Kumaravadivel Subramani
Ranch Hand
Joined: Jul 05, 2008
Posts: 162
|
|
Hi,
As Bear Bibeault said, you can have the user_name in the web application context when the session created successfully for that user. So you can cross-check the logged users and say already your session exists if an entry exists.
First it will create the following problems,
1. Performance problem due to cross-checks for logged users.
2. If the user has given wrong password with user name and not deleted the entry from session, then he won't able to login again before web application/session timeout ends. (To avoid this you could have listeners to end up session entry)
But if you wanna to restrict the users then you have to go implement any of these with greater flexibility with high performance. Hope this helps.
|
No pain, No gain.
OCJP 1.6
|
|
Ashish Hiriadka
Greenhorn
Joined: Feb 27, 2011
Posts: 5
|
|
I guess we can use HttpSessionListener. When User logs in we can make entry in DB. This can be used to check whether the user is already logged in. In HttpSessionListener.sessionDestroyed() method you can delete entry from Table. Correct me if i am Wrong 
|
|
Bear Bibeault
Author and ninkuma
Marshal
Joined: Jan 10, 2002
Posts: 56192
|
|
Bad idea. You should not tie user login to session creation and removal. You have little control over that.
Rather. use scoped variables placed into the session to indicate whether a user is authenticated or not.
|
|
César Guzmán
Greenhorn
Joined: Mar 08, 2009
Posts: 29
|
|
|
And what if we use load balance with two of more app servers synchronized? using session variables can work weird, maybe one server removes the variables but the other one may not.
|
SCJP 5, SCWCD 5
|
|
 |
|
|
subject: how we can do that when one user is log successfully
|
|
|
0
