I have to prevent multiple user logins to my web application developed in JSP,Servlet
I used following tricks
I have maintain Table for user and password .that table to add one more column loginstatus . whenever he/she login change flag yes .when logout change flag no. when the user going to login know that time just check the status .if flag no(N) then allow user otherwise do not allow .
The solution above seems to be work, but some cases the logged user does not click on logout button! So, the session in this case will be expired, and if the user will try logon again will receive error. How can I handle this case?
You should change the status of the user when the session is destroyed. Note that if the user doesn't logout, the session will be destroyed only after the web server times the session out. So, there will be a period of time where the user's account will be locked