Re: ReQ: Only one logged in session at a time for each user
Hi Guys They way i have done this is create a singleton class for logged on users and keep a hash of the usernames logged on. However when a user does not loggof the user is still in the hash, so what i do before a user tries to logon again is to check whether the session is valid . if it is then i give a mutliple loggon message, invalidate the session and create a new session. If the session is invalid i know he expired so i just logg the user on normally. Also at each request check for valid session. kayode Dosunmu From: Alvin Kutttikkat Antony [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: ReQ: Only one logged in session at a time for each user Date: Mon, 28 Jan 2002 16:22:39 +0100 Hi there, I am too interested on this.The suggestion is good.How can I get session object from the Id.I think one way is through HttpSessionContext class. I found this class has been deprecated. any other way to achieve this Alvin second time, that you invalidate the *old* session and let them continue with new one. I've seen that approach used on a large public web site. Sean On Sunday, January 27, 2002, at 08:01 PM, Antony Stace wrote: Hi I want the users in a Struts application to be only logged in once at any one time. What is the best way to go about this. I was thinking that I can have have some sort of record in (an application wide bean)/(a database record)/(the logon action) that keeps track of who is logged on and when the log on process happens this record is checked, if the user is already logged on then don't let them log on again. The problem I can see with this is that this works fine if the user logs out of the application through a logout action - the logout action can simply clear the record of the user being logged in. But if the users browser crashes, they reboot the machine, they simply restart the browser then this record will not be cleared and thus they will not be able to log in. I cannot think of how I can implement a mechanism to ensure only one log in at a time. The thought of adding some sort of timeout value seems a little nasty, since I hate it when I go to a site and I am told I am alread logged in, please try back in 10 minutes. Any ideas folks on how to handle this? -- Cheers Tony - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:struts-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:struts-user- [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] alvin kuttikkat antony Internet und Virtuelle Hochshule Directory Universität München Leopoldstr .3 80802 München Germany Office Tel + 49.89.21025979 Office Fax + 49.89.21025980 _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: ReQ: Only one logged in session at a time for each user
Hi Kayode Just a note, a Singleton will not work if you have a cluster of JSP containers serving your application. You would have to use the database or a stateful session bean if you want it to work in a distributed environment. You could try the application context, but I am not sure if the container will persist that to other servers. Keith -Original Message- From: Kayode Dosunmu [mailto:[EMAIL PROTECTED]] Sent: Sunday, 3 February 2002 5:58 p.m. To: [EMAIL PROTECTED] Subject: Re: ReQ: Only one logged in session at a time for each user Hi Guys They way i have done this is create a singleton class for logged on users and keep a hash of the usernames logged on. However when a user does not loggof the user is still in the hash, so what i do before a user tries to logon again is to check whether the session is valid . if it is then i give a mutliple loggon message, invalidate the session and create a new session. If the session is invalid i know he expired so i just logg the user on normally. Also at each request check for valid session. kayode Dosunmu From: Alvin Kutttikkat Antony [EMAIL PROTECTED] Reply-To: Struts Users Mailing List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: ReQ: Only one logged in session at a time for each user Date: Mon, 28 Jan 2002 16:22:39 +0100 Hi there, I am too interested on this.The suggestion is good.How can I get session object from the Id.I think one way is through HttpSessionContext class. I found this class has been deprecated. any other way to achieve this Alvin second time, that you invalidate the *old* session and let them continue with new one. I've seen that approach used on a large public web site. Sean On Sunday, January 27, 2002, at 08:01 PM, Antony Stace wrote: Hi I want the users in a Struts application to be only logged in once at any one time. What is the best way to go about this. I was thinking that I can have have some sort of record in (an application wide bean)/(a database record)/(the logon action) that keeps track of who is logged on and when the log on process happens this record is checked, if the user is already logged on then don't let them log on again. The problem I can see with this is that this works fine if the user logs out of the application through a logout action - the logout action can simply clear the record of the user being logged in. But if the users browser crashes, they reboot the machine, they simply restart the browser then this record will not be cleared and thus they will not be able to log in. I cannot think of how I can implement a mechanism to ensure only one log in at a time. The thought of adding some sort of timeout value seems a little nasty, since I hate it when I go to a site and I am told I am alread logged in, please try back in 10 minutes. Any ideas folks on how to handle this? -- Cheers Tony - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:struts-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:struts-user- [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] alvin kuttikkat antony Internet und Virtuelle Hochshule Directory Universität München Leopoldstr .3 80802 München Germany Office Tel + 49.89.21025979 Office Fax + 49.89.21025980 _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Only one logged in session at a time for each user
You should store their current session ID in some kind of persistent store, like you say. Then I would suggest that if they log in a second time, that you invalidate the *old* session and let them continue with new one. I've seen that approach used on a large public web site. Sean On Sunday, January 27, 2002, at 08:01 PM, Antony Stace wrote: Hi I want the users in a Struts application to be only logged in once at any one time. What is the best way to go about this. I was thinking that I can have have some sort of record in (an application wide bean)/(a database record)/(the logon action) that keeps track of who is logged on and when the log on process happens this record is checked, if the user is already logged on then don't let them log on again. The problem I can see with this is that this works fine if the user logs out of the application through a logout action - the logout action can simply clear the record of the user being logged in. But if the users browser crashes, they reboot the machine, they simply restart the browser then this record will not be cleared and thus they will not be able to log in. I cannot think of how I can implement a mechanism to ensure only one log in at a time. The thought of adding some sort of timeout value seems a little nasty, since I hate it when I go to a site and I am told I am alread logged in, please try back in 10 minutes. Any ideas folks on how to handle this? -- Cheers Tony - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:struts-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:struts-user- [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
ReQ: Only one logged in session at a time for each user
Hi there, I am too interested on this.The suggestion is good.How can I get session object from the Id.I think one way is through HttpSessionContext class. I found this class has been deprecated. any other way to achieve this Alvin second time, that you invalidate the *old* session and let them continue with new one. I've seen that approach used on a large public web site. Sean On Sunday, January 27, 2002, at 08:01 PM, Antony Stace wrote: Hi I want the users in a Struts application to be only logged in once at any one time. What is the best way to go about this. I was thinking that I can have have some sort of record in (an application wide bean)/(a database record)/(the logon action) that keeps track of who is logged on and when the log on process happens this record is checked, if the user is already logged on then don't let them log on again. The problem I can see with this is that this works fine if the user logs out of the application through a logout action - the logout action can simply clear the record of the user being logged in. But if the users browser crashes, they reboot the machine, they simply restart the browser then this record will not be cleared and thus they will not be able to log in. I cannot think of how I can implement a mechanism to ensure only one log in at a time. The thought of adding some sort of timeout value seems a little nasty, since I hate it when I go to a site and I am told I am alread logged in, please try back in 10 minutes. Any ideas folks on how to handle this? -- Cheers Tony - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:struts-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:struts-user- [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] alvin kuttikkat antony Internet und Virtuelle Hochshule Directory Universität München Leopoldstr .3 80802 München Germany Office Tel + 49.89.21025979 Office Fax + 49.89.21025980
Re: Only one logged in session at a time for each user
I have used a combination of ip_address and jsessionid which I store in an active_session table. Every action they do I check the table - if the ip address changes (ie someone has nicked the session id) then I ditch the record and make em log in again. If the same user logs in again from same IP address I let them right in, no logon required (within a time period). If the same user logs in from another ip address then I bouce the first one off... It stops users using each others passwords as a rule - it's too annoying. The problem is proxies and gateways which mask off original ip addresses. Can't have everything. Jonathan == For ejb and code generation for your Struts web site, visit: http://www.faraway.co.uk/tallsoft/lowroad/ Message History From: Sean Owen [EMAIL PROTECTED] on 28/01/2002 09:40 EST Please respond to Struts Users Mailing List [EMAIL PROTECTED] To: Struts Users Mailing List [EMAIL PROTECTED] cc: [EMAIL PROTECTED] Subject: Re: Only one logged in session at a time for each user You should store their current session ID in some kind of persistent store, like you say. Then I would suggest that if they log in a second time, that you invalidate the *old* session and let them continue with new one. I've seen that approach used on a large public web site. Sean On Sunday, January 27, 2002, at 08:01 PM, Antony Stace wrote: Hi I want the users in a Struts application to be only logged in once at any one time. What is the best way to go about this. I was thinking that I can have have some sort of record in (an application wide bean)/(a database record)/(the logon action) that keeps track of who is logged on and when the log on process happens this record is checked, if the user is already logged on then don't let them log on again. The problem I can see with this is that this works fine if the user logs out of the application through a logout action - the logout action can simply clear the record of the user being logged in. But if the users browser crashes, they reboot the machine, they simply restart the browser then this record will not be cleared and thus they will not be able to log in. I cannot think of how I can implement a mechanism to ensure only one log in at a time. The thought of adding some sort of timeout value seems a little nasty, since I hate it when I go to a site and I am told I am alread logged in, please try back in 10 minutes. Any ideas folks on how to handle this? -- Cheers Tony - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:struts-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:struts-user- [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Only one logged in session at a time for each user
Hi I want the users in a Struts application to be only logged in once at any one time. What is the best way to go about this. I was thinking that I can have have some sort of record in (an application wide bean)/(a database record)/(the logon action) that keeps track of who is logged on and when the log on process happens this record is checked, if the user is already logged on then don't let them log on again. The problem I can see with this is that this works fine if the user logs out of the application through a logout action - the logout action can simply clear the record of the user being logged in. But if the users browser crashes, they reboot the machine, they simply restart the browser then this record will not be cleared and thus they will not be able to log in. I cannot think of how I can implement a mechanism to ensure only one log in at a time. The thought of adding some sort of timeout value seems a little nasty, since I hate it when I go to a site and I am told I am alread logged in, please try back in 10 minutes. Any ideas folks on how to handle this? -- Cheers Tony - _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]