File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Struts and the fly likes Unique Session handling Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Unique Session handling" Watch "Unique Session handling" New topic

Unique Session handling

rudresh kumar
Ranch Hand

Joined: Jan 04, 2006
Posts: 83
HI All,

I have requirement, where unique session handling is to be done,

i,e if a user 'X' is logged in to my application, he should not be allowed to login anywhere again (even in the same machine) until he closes the existing session.

I would like to have you help on how to proceed with the same.

Thanks in advance
Merrill Higginson
Ranch Hand

Joined: Feb 15, 2005
Posts: 4864
Here's one possible solution:
  • When the user logs on, put the user ID in a list of current users kept in Application scope (The ServletContext object)
  • Keep the current User Id as an attribute of the HTTPSession object
  • Implement an HTTPSession listener with a sessionDestroyed() method that removes the user ID from the list
  • When a user tries to log on, check to see if the user Id is in the list of current users. If it is, don't let them log on.
  • There is still at least one problem you will have to decide how to handle:

    If a user loses the connection or closes the browser accidentally, the user ID is still going to be in the list until the session times out. This could be frustrating for a user to have to wait. You may want to put up a dialog saying something like "It appears you have another session open. Only one is allowed at a time. Do you want to release the old session and start a new one now?" This at least gives someone the ability to still log on in this situation.

    Consultant, Sima Solutions
    Raghavan Muthu
    Ranch Hand

    Joined: Apr 20, 2006
    Posts: 3381

    That seems to be the good solutios Merill.

    The last option would be more useful i guess if in case such scenario occurs.

    Everything has got its own deadline including one's EGO!
    [CodeBarn] [Java Concepts-easily] [Corey's articles] [SCJP-SUN] [Servlet Examples] [Java Beginners FAQ] [Sun-Java Tutorials] [Java Coding Guidelines]
    I agree. Here's the link:
    subject: Unique Session handling
    It's not a secret anymore!