Tomcat - One login only

[Jamie.Osborne1]

Hi,


I'm currently trying to configure Tomcat to only allow a user to log
in once. If the same user tries to log in when already logged in
(from another machine for example) I want to cancel the login request
and present an explanation to the user. I'm using the FORM based
authentication and have searched the web for a solution to this
problem to no avail.


Any help would be much appreciated,


Jamie

 

[Harry]

Hi,

I think there are several solutions depending on your actual
requirements. Can you explain more?

For example, what services are the users going to access after
authentication? You mean an application deployed on Tomcat?

And, what do you actually mean for cancelling the login request? What
is the purpose and target that you expect to meet?

Harry

 

[Jamie.Osborne1]

Sure,

We have a web application deployed on Tomcat which allows several
secure clients on a network to connect.
The issue is that currently a user can login several times with the
same logon details. What we would like to
do is limit the login so that if a user tries to login when that same
user is already logged in, we report back
saying "already logged in" or something. I have seen this
functionality on other websites and it seems to me
it should be a simple configuration option, perhaps somewhere in the
Tomcat/Conf/web.xml file but i cannot
find any information so far!

any help much appreciated!

Jamie

 

[Harry]

Hi,

What I will do is to keep the logged in user info in session. Whenever
a user is logged in, check the session whether that user exists. If
exists, then you can report to say the user is already logged in.

Hope this helps.

Harry

 

[Sanjay]

Hi,


I'm currently trying to configure Tomcat to only allow a user to log
in once. If the same user tries to log in when already logged in
(from another machine for example) I want to cancel the login request
and present an explanation to the user. I'm using the FORM based
authentication and have searched the web for a solution to this
problem to no avail.


Any help would be much appreciated,


Jamie

I am not sure how you store information about the already logged in user
etc. In one the web applications I worked earlier (wasn't J2EE), we had
a separate table which stored session information of all the logged-in
users (thing like, user id, session id, initial time and last activity
time etc). Then if user logs out, we used to delete that particular row
from this table.

Now to check whether the same user has logged-in already you can just
check against this session table.

The disadvantage of this method is that in case of orphaned
sessions(browser closed or user did not log out), user has to wait for
the last session to expire before logging back in. But I guess you can
implement number of different solutions for this.

 

[=?ISO-8859-1?Q?Arne_Vajh=F8j?=]

I'm currently trying to configure Tomcat to only allow a user to log
in once. If the same user tries to log in when already logged in
(from another machine for example) I want to cancel the login request
and present an explanation to the user. I'm using the FORM based
authentication and have searched the web for a solution to this
problem to no avail.

I think the best way is to:
- use a SessionListener to keep track of who is logged in
- use a custom realm for login that rejects users already
logged in

Will require a bit of coding.

Arne

 

[derek]

have you ever gotten a response to this?
thanks.