Preventing multiple logons in an application
I need to prevent multiple logins on a Netbeans Visual Web Pack application.
I have implemented a hashmap in the application bean, and clean out userids when the users either logout or the application times out, however I need to do this if the user closes the browser window.
I have tried to find a definative answer in forum, but I am still confused about how to achieve this.
Most posts seem to relate to adding client side javascript event trapping, but I'm not sure how I would add this to the jsp?
Does anybody have a definative solution to what must be a common requirement for a lot of applications?
[639 byte] By [
Derek50a] at [2007-11-27 1:36:19]
# 1
Even with javascript, you could run into problems. What happens if a user is logged in and their browser crashes or they lose power? The client would not send back any javascript, and your application would think that they are still logged in. You will of course also have problems if the user has javascript turned off.
Can't you just invalidate all of the user's previous sessions when they log in? That way, they can keep logging in as many times as they want but they can only use one session at a time.
jsra at 2007-7-12 0:45:38 >
# 2
I have found an exmaple on the web of using javascript (it opens a child window that polls the parent window, and invalidates the session if the parent window is closed). I agree there always appears to be loop holes around most of th e solutions i've come across.
I had the same idea about invalidating any previously known session for the same userid, I'm pretty new to the java/web app world so I'm struggling with finding the information I need. I couldn't find any methods to call to invalidate another session, I only came accross example where the current session invalidated its own session via call to the session object, do you have any idea how I would do that for other sessions.
Mant thanks for your input.
Derek.
# 3
I have now got a solution to this requirement. I have created a hashmap in the application bean and at login, in this I store a reference to each session object from the session bean, this is keyed on the userid.
When a new user attempts to log on I check the hashmap, and if the userid is already present, I output a message to the new user saying if they continue, the existing user will be logged off, if they do continue I invalidate the previous session using the relevant session object.
I also clean out the hashmap when the users logout of the application or when the session timeout.
