Hi,
I have a web application which I will like to restrict multiple user login.
I thought of placing a bean in the application scope to store the IDs and sessionID (in the form of dynaof the users who have log in. So, upon logging out, the ID is then taken out of the bean...
However, there is one problem, as u know, most of the time users will not click on "Log Out" to log out. So there is no way for the bean to know if the session has expired or the user has gone onto another page.
Or is there an API in session that detects session_end? Like on_session_end in vb?
Thanks in advance...
-
Preventing multiple User login (4 messages)
- Posted by: Thling Thling
- Posted on: September 01 2000 07:04 EDT
Threaded Messages (4)
- Preventing multiple User login by ravi kiran on September 02 2000 02:11 EDT
- Preventing multiple User login by samuel abraham on September 06 2000 07:17 EDT
- Preventing multiple User login by Thling Thling on September 12 2000 00:15 EDT
- Preventing multiple User login by samuel abraham on September 12 2000 02:28 EDT
- Preventing multiple User login by Thling Thling on September 12 2000 00:15 EDT
-
Preventing multiple User login[ Go to top ]
- Posted by: ravi kiran
- Posted on: September 02 2000 02:11 EDT
- in response to Thling Thling
as you said in u r message that u r going to use a bean but
bean does'nt know whether user is logged out or not
use cookie with certain time(after that time cookie will expire) you can remove id of the user .
but one problem here is if user dont support cookie
then you have to take time that is one hour or two
and then remove session id.
rk. -
Preventing multiple User login[ Go to top ]
- Posted by: samuel abraham
- Posted on: September 06 2000 07:17 EDT
- in response to Thling Thling
You can start a thread and remove the timed out sessions .
If you are using servlet you can start the thread in the init() method.It will run in the background and do the work.
sam -
Preventing multiple User login[ Go to top ]
- Posted by: Thling Thling
- Posted on: September 12 2000 00:15 EDT
- in response to samuel abraham
But that will not be able to detect when the User closes the browser right?
-
Preventing multiple User login[ Go to top ]
- Posted by: samuel abraham
- Posted on: September 12 2000 02:28 EDT
- in response to Thling Thling
No the thread will not know when the browser is closed.
The thread can be used to remove total timeout sessions.
If a person closes the browser then that session is over and after the specified amount of time(total timeout) the thread will remove that session from where you are storing it.
If you want to remove the session at the moment the browser is closed you have to capture Unload() event and call your application that logs the user out.
Either way it is sure that the session will be removed.
Hope this helps.
regds
sam