JSP - deny concurrent access for users with the same username

C

carmelo

Hi everybody,
I need to develop a login system to check users access, using JSP, in
order to deny multiple concurrent access from different PCs. Somebody
told me that it's possible to do that using session ID... What do you
think about? How would you do that?


Thank you very much in advance for your help
Cheers
Carmelo
 
M

Martin Gregorie

Hi everybody,
I need to develop a login system to check users access, using JSP, in
order to deny multiple concurrent access from different PCs. Somebody
told me that it's possible to do that using session ID... What do you
think about? How would you do that?
Add a logged-in flag to the list of valid users.
 
G

GArlington

Hi everybody,
I need to develop a login system to check users access, using JSP, in
order to deny multiple concurrent access from different PCs. Somebody
told me that it's possible to do that using session ID... What do you
think about? How would you do that?

Thank you very much in advance for your help
Cheers
Carmelo

Yes, you can do it with sessions...
When the user logs in you create a session and flag the user profile
as locked/used...
When the user is logged out or when session expires you clear that
flag...
There is one point you should consider: what happens when legitimate
user logs in on computer1 and for whatever reason can NOT log out
(hardware failure?...) and attempts to log in from computer2 more or
less immediately?
 
C

carmelo

Yes, you can do it with sessions...
When the user logs in you create a session and flag the user profile
as locked/used...
When the user is logged out or when session expires you clear that
flag...
There is one point you should consider: what happens when legitimate
user logs in on computer1 and for whatever reason can NOT log out
(hardware failure?...) and attempts to log in from computer2 more or
less immediately?

Thank you for your answer GArlington.
To deny concurrent users with the same username, do you think is a
better way using the Application object or the Session object?
 
C

carmelo

When the user is logged out or when session expires you clear that
flag...


When he logs out it's easy to update the flag on a db table, but how
can I do when session expires?

Thank you again
Carmelo
 
G

gimme_this_gimme_that

It's complicated to set up but ....

But you could set up a VPN and make it so the user can only access
your site through the VPN.

And then configure the VPN so only one user can be logged in at a
time.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,480
Members
44,900
Latest member
Nell636132

Latest Threads

Top