Discussions

Web tier: servlets, JSP, Web frameworks: Avoid Duplicate Logon

  1. Avoid Duplicate Logon (5 messages)

    Hi All,

    Basically I need to prevent the End-User from logging on more than one place using the same id. Our business model is licensed on 'per user' basis. Yahoo/hotmail allows you to login at different machines using same id at same time. I want to avoid this.

    My understanding so far is there can be a data base approach or session approach. But am not clear about what these are ? Anyone please let me know your ideas.

    Appreciate your efforts,
    Bharani

    Threaded Messages (5)

  2. Avoid Duplicate Logon[ Go to top ]

    Hey i am not completely sure.

    i have used session variable and stored in a hash table. This scope of hash table should be application. when ever the person logs in , put his name in this table and when he logs off, pull him out of the table. Try this on your java app server thorougly and then only upload. It worked for me on intranet, but failed on internet.
    Database approach is better i feel and it is purely logical.

    George Vargis
    georgevargis@rediffmail.com
  3. Avoid Duplicate Logon[ Go to top ]

    I've been thinking this problem too. It's quite good way to store logon information in (for example) ServletContext, and to remove it from there when user logs out. But what to do when user doesn't press that "logout"-button, but closes the whole browserwindow, like they usually do?

    The same problem exists when we use database too.

    Can you understand what I mean? How can we monitor that does some session exist?



    Regards,
    Kari
  4. Avoid Duplicate Logon[ Go to top ]

    Hi,
    well logically u can set a flag at the time of login by user.after first login u can set that flag to true and keep that value in database .if user again wants to login with same userID as flag is set to true u can always show the message as flag is already set to true and after log out u can again set that db value to 0.
    i hope this should work.thro database it will be easier ....and logical also
  5. Avoid Duplicate Logon[ Go to top ]

    But how can you set that flag back to false if user doesn't use that "log out"-button and just closes the browserwindow?


    Regards,
    Kari
  6. Avoid Duplicate Logon[ Go to top ]

    You can make use of session listners . When session getting invalidted it notifys the bound objects. During unbinding you can do clean-up. proper care has to be taken if user trys to login before session get invalidates based on session id and time interval.