Preventing multiple User login


Web tier: servlets, JSP, Web frameworks: Preventing multiple User login

  1. Preventing multiple User login (4 messages)


    I have a web application which I will like to restrict multiple user login.

    I thought of placing a bean in the application scope to store the IDs and sessionID (in the form of dynaof the users who have log in. So, upon logging out, the ID is then taken out of the bean...
    However, there is one problem, as u know, most of the time users will not click on "Log Out" to log out. So there is no way for the bean to know if the session has expired or the user has gone onto another page.

    Or is there an API in session that detects session_end? Like on_session_end in vb?

    Thanks in advance...

    Threaded Messages (4)

  2. Preventing multiple User login[ Go to top ]

    as you said in u r message that u r going to use a bean but
    bean does'nt know whether user is logged out or not
    use cookie with certain time(after that time cookie will expire) you can remove id of the user .
       but one problem here is if user dont support cookie
    then you have to take time that is one hour or two
    and then remove session id.
  3. Preventing multiple User login[ Go to top ]

    You can start a thread and remove the timed out sessions .
    If you are using servlet you can start the thread in the init() method.It will run in the background and do the work.

  4. Preventing multiple User login[ Go to top ]

    But that will not be able to detect when the User closes the browser right?
  5. Preventing multiple User login[ Go to top ]

    No the thread will not know when the browser is closed.
    The thread can be used to remove total timeout sessions.

    If a person closes the browser then that session is over and after the specified amount of time(total timeout) the thread will remove that session from where you are storing it.

    If you want to remove the session at the moment the browser is closed you have to capture Unload() event and call your application that logs the user out.

    Either way it is sure that the session will be removed.
    Hope this helps.