login user at most once ?

Hello,

I have the following scenario:

I have a login-site with username="hello" and password="world".

Now, I open for example the mozilla-browser and login with my username and password.

All works. In the same browser, I cannot login twice. That s okay.

But when I open a other browser, for example, internet explorer, then I can login again, even when I have been looged in in the mozilla-browser. How can I avoid this?

Should I store the session of the client mozilla into the database and rewrite it, when a new session via internet-explorer starts?

Manitain somewhere in the application scope a Map<User, HttpSession> so that you can control over it. Let the User implement HttpSessionBindingListener so that you can control add/remove from the map. Or if you don't want to let the User implement it, then just implement a HttpSessionListener which does the removal task when the session get destroyed. Also extend the login/logout logic accordingly.

hmm..I have print out my Application-Scope:

<h:panelGrid columns="1"> <h:outputText value="applicationScope: #{applicationScope}" /> </h:panelGrid>

But how can I look, what value is to destroy? It must be a sessionID from this User which I have to overwrite with the newest one?

I didn't mean that. You're fairly new to the concepts, is it? I highly recommend you to dive into the basics. Over there at Sun.com there is a very good Java EE tutorial. Start reading with part II. Start learning JSP. Then Servlets. And then JSF.

After all, what is the functional requirement? Should the user get an error message or should the application logout the other user immediately with(out) notification and proceed with login?

I would add, this specific problem is not specifically related to JSF. I hope that you realize this while searching for a solution.

Yes, you are right. It s not JSF-specific.

After all, what is the functional requirement?

The application should the other user logout immediately with(out) notification and proceed with login?

I use EJBs and an EJB-Container.

Maintain somewhere in the application scope a Map<User, HttpSession> so that you can control over it.

Okay, at first I store a Map in my application scope, when the User logs in.

I need a ServletContext and "setAttribute"
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletContext.html:

Binds an object to a given attribute name in this servlet context. If the name specified is already used for an attribute, this method will replace the attribute with the new to the new attribute.

I call something like

application.setAttribute(User, Session)

I have tried to get the application with

ServletContext application = getServlet().getServletContext();

But it does not work! (I have not implement it into a Servlet, I implement it in a ManagedBean).

However, assume it is working, then I can call the HttpSessionListener: when the same User registers twice, the Session of the User before is overwritten and hence destroyed, when I do this method in my login-logic:

application.setAttribute(User, Session)

So when the Value of the Users Session changes, then the HttpSessionListener calls the sessionDestroyed-Method..

Is this the right way. Have I better possibilities to do that?

okay, now I am able to get all the values from session and application via externalContext..

Is it possible for you to share the code for logout

I do not have the code anymore, but I can tell you, how I have solved it:

I had SessionListener and stored all the created Sessions in a Map with the actual Login-Name. When the User tries to login again in another browser, then I check, if the users login name is in the map and, if so, I destroy the session stored in the map associated with the username via:

.invalidate();

After that, I store the actual session with the same username in the map again and do the login.

That was it.

Hope it helps.