Hi All, Objective: To achieve only one user to logon only once on the same machine or different machine. When the same user logs in on another machine or broswer instance, it should throw a msg "User logged in already" and should not able to go further. When the user logs off the lock should be released and browser close should be treated as Logout (at this point also, the lock should be released) THe Administrator should have one option to release the locked users. Software: IBM WAS 4.0, database is Oracle Problem: Suppose the user logs in to the web application. After proper authentication, a flag is updated in a table with his user id. so when the same user is loggin in from different browser, it checks for the entry first and then throws error msg without loggin in.
There should be one option for Admin to release the lock. Suppose the network goes down, the user lock wont be released since he didnt logged off properly. The admin has option to see list of users whose status='Y' from a table. Then Admin selects one or more users and update the status as 'N', so that next time those users can log in.
Now problem is, a user logs in and his status is set to 'Y'. Now he calls up Admin to release his user lock. the admin releases the lock (which updates the flag only). The same user will be able to log on from different machine or browser instance now. We need to stop that. So when the admin releases the lock, the other session if any should be invalidated, so that he gets the login screen.
Question: When the user logs in his Session id is written to the table. With the help of that session id, how can we get the Session object to invalidate that particular session. The admin should able to get the session object of some person by giving that session id, and invalidate.
I have described in detail. I hope to get some positive reply to this. This is very urgent. Plese help me and thanks in advance.
When the session expires or web app goes donwn, use two listeners to update the db's status. Run a scheduled job to clean up that table if necessary (check last-update timestamp). And i dont think u should ever let the admin guy to directly manipulate the data like that. Rather wait for the session to be expired like 15 minutes so that the user can login then.
Whenever I have implemented; one user = one session It's always been FIFO (first person who logs in gets kicked out by the second user). I think your requirements imply using a very short session lifetime (after 5 minutes of inactivity user gets kicked off), otherwise your admin is going to be very busy. Who came up with these requirements??