I have a servlet which authenticates the user while he is logging in.If another person logs in with the same name , the first user will be displayed a message saying that the same user has logged on in another machine with the same login(The same scenario as in Yahoo messenger and AOL chat).
For this to achieve I am using HTTPSession to know the username who all have logged on
If I use clusters for load balancing and failover, whether my info in HTTPSession will be validated(replicated) for all the servers in the cluster so that any point of time only one user with the same username can log on.
Thanx in advance
If you are using clustering than depending
on internal implementation :
a) the session object will be replicated across all the server (or set of servers)
b) automatically the users request for a session
will be routed (pinned) to the same server
which created it.. (eg weblogic does this plus
having another server having the backup of
If you want to prevent another user from using
the same user name/password than you need to
maintain the "users Login status" in the
database and prevent another new user to
login to the site based on the login status..
Thanks for your suggestion
I have a doubt.
If we are storing the login status in the database, what if the user closes the browser without logging out.
He cannot login again.So how can this problem be solved
Normally you should log out the user after
certain period of inactivity.. This can
be done by storing last accessed time in
the Session and have background thread to
clean up session/database information..
Normally most of the web site allow two
logins to occur... But if you intend to
have only one user to login at a time
(and only the recently logged in user) than
you may store the session id of latest logged
in user in the database... This id will prevent
first login from hitting the server ...