Disabling Multiple login of a user
I have an application wherein a user ID should not be used by more than one person to log in at the same time.
What I mean is that at any given point of time, if a person is logged in to the application, with say user id "myself002", then another person should not be able to log in using the same credentials.
This applies if the person is trying to log in from another machine or the same person is trying to log in to the application using two different browsers.
One approach to achieve this is keeping a flag in the DB and before letting the user gain access to the application, check the flag.
Since I am using LDAP for authentication, this approach would be a bit costly in terms of performance. Also, my client does not want to store any session information in the DB or LDAP.
The reason it's tricky is that my application would be running in a clustered Application Server environment, and a user would be redirected to any application server which is comparatively free.
I am thinking if somehow we can get the session ID created by WebLogic Application Server. Since each user would be associated with a unique session ID, we may then be able to control who is logging in. We may also be able to invalidate the session.
Another approach is to have a listener which listens on each request and puts all the active sessions in a HashMap or Hashtable with the key as username and stores this into the DB. When the session is invalidated, the Listener clears the entry from the Collection. Thus we would have DB as the centralized place for checking the active sessions and authenticating users.
Can someone help me on the same? It's kind of urgent, so any help would be a great help.
I hope I am clear on what problem I am facing and what I want.
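
A sketch of the username-keyed registry described in the question, added here as an example and not code from the original post: the claim on a user ID is made atomically so two simultaneous logins cannot both succeed, and an idle timeout clears entries left behind by sessions that ended without a logout. The class name `SingleSessionRegistry`, its methods and the 30-minute timeout are hypothetical, and the in-memory map is an assumption standing in for whatever store all cluster nodes share.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Hypothetical registry: at most one live session per user ID. */
public class SingleSessionRegistry {
    private record Entry(String sessionId, Instant lastSeen) {}

    // Assumption: stand-in for a store shared by every node in the cluster.
    private final ConcurrentMap<String, Entry> active = new ConcurrentHashMap<>();
    private final Duration idleTimeout;

    public SingleSessionRegistry(Duration idleTimeout) { this.idleTimeout = idleTimeout; }

    /** Call after authentication succeeds; false means the user ID is already in use. */
    public boolean tryLogin(String userId, String sessionId, Instant now) {
        Entry mine = new Entry(sessionId, now);
        // compute() is atomic per key, so concurrent logins cannot both claim the ID.
        Entry winner = active.compute(userId, (k, cur) ->
            (cur == null || isStale(cur, now) || cur.sessionId().equals(sessionId)) ? mine : cur);
        return winner.sessionId().equals(sessionId);
    }

    /** Call on each request; false means this session no longer owns the user ID. */
    public boolean touch(String userId, String sessionId, Instant now) {
        Entry e = active.computeIfPresent(userId, (k, cur) ->
            cur.sessionId().equals(sessionId) ? new Entry(sessionId, now) : cur);
        return e != null && e.sessionId().equals(sessionId);
    }

    /** Call on logout and session invalidation; removes only the caller's own entry. */
    public void release(String userId, String sessionId) {
        active.computeIfPresent(userId, (k, cur) -> cur.sessionId().equals(sessionId) ? null : cur);
    }

    private boolean isStale(Entry e, Instant now) {
        return e.lastSeen().plus(idleTimeout).isBefore(now);
    }

    public static void main(String[] args) {
        SingleSessionRegistry reg = new SingleSessionRegistry(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2024-01-01T10:00:00Z"); // constructed sample time
        System.out.println(reg.tryLogin("myself002", "sess-A", t0));                 // first browser
        System.out.println(reg.tryLogin("myself002", "sess-B", t0.plusSeconds(60))); // second browser
        reg.release("myself002", "sess-A");                                          // logout
        System.out.println(reg.tryLogin("myself002", "sess-B", t0.plusSeconds(120)));
    }
}
```

With a database or distributed cache behind it, the same check-and-claim step has to remain a single atomic operation there, for example a conditional insert on a unique user ID column.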

