I have a web application which I will like to restrict multiple user login.
I thought of placing a bean in the application scope to store the IDs and sessionID (in the form of dynaof the users who have log in. So, upon logging out, the ID is then taken out of the bean...
However, there is one problem, as u know, most of the time users will not click on "Log Out" to log out. So there is no way for the bean to know if the session has expired or the user has gone onto another page.
Or is there an API in session that detects session_end? Like on_session_end in vb?
Thanks in advance...
as you said in u r message that u r going to use a bean but
bean does'nt know whether user is logged out or not
use cookie with certain time(after that time cookie will expire) you can remove id of the user .
but one problem here is if user dont support cookie
then you have to take time that is one hour or two
and then remove session id.
You can start a thread and remove the timed out sessions .
If you are using servlet you can start the thread in the init() method.It will run in the background and do the work.
But that will not be able to detect when the User closes the browser right?
No the thread will not know when the browser is closed.
The thread can be used to remove total timeout sessions.
If a person closes the browser then that session is over and after the specified amount of time(total timeout) the thread will remove that session from where you are storing it.
If you want to remove the session at the moment the browser is closed you have to capture Unload() event and call your application that logs the user out.
Either way it is sure that the session will be removed.
Hope this helps.