GeeCON Prague 2014*
The moose likes Servlets and the fly likes Restrict the user to a single session at a time Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Servlets
Bookmark "Restrict the user to a single session at a time " Watch "Restrict the user to a single session at a time " New topic
Author

Restrict the user to a single session at a time

Lalit Mehra
Ranch Hand

Joined: Jun 08, 2010
Posts: 384

Hello all,

What I'm trying to do is to restrict the user to a single session and by that i mean to not to allow him to re-login from some other location if he's already logged in.

What I have come up for it is to create a table ... say with three columns
1. username
2. login_time
3. flag ('active','inactive')

now, whenever a user log's in a new row will be created and the flag will be set as active and when he log's out it'll changed to inactive

But the question is how will i change the flag to inactive in case the session times out.

For that, should i just check the row and the login_time to be greater than the session_timeout value or is there any other way to achieve this.

please suggest


http://plainoldjavaobject.blogspot.in
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30586
    
154

You can use a HttpSessionListener to know when the session is destroyed. This won't tell you about the case where a user closes the browser and immediately opens a new browser though. The original session is still alive for X minutes. One approach is to give the user the option of killing the old session. You'll need to track more information for this approach.

The calculation you suggest won't work. What happens if a user logs in at 9am and then clicks something in your app every 10 minutes all day? The session will still be alive after the default session timeout. You'd need to track "last active time" for this rather than login time.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Lalit Mehra
Ranch Hand

Joined: Jun 08, 2010
Posts: 384

Hi Jeanne,

I have actually added the same ... the HttpSessionListener but i guess i'll have to make up a few more amendments as you have now suggested one more use case to me.

Thanks
 
GeeCON Prague 2014
 
subject: Restrict the user to a single session at a time