There are numerous ways to implement this that I am sure of. Probably the
easiest is to keep a vector or hashtable of logged in users in the
application scope (ServletContext). Upon logging in, check this first for
the user/pass being logged in. If it exists, check the last login time. If
it was recent, update a vector of times or something, and come up with
some sort of algorithm to determine if it's a red flag, or just someone whose
browser crashed or they forgot to log out a few minutes ago. When they
log out, take it out of the hashtable/vector in the servlet context. Also,
have a listener for HttpSessionBinding or something like that, so that when
their session expires (in case they close the browser but don't log out),
it also removes them from the vector/hashtable list of logged in
entries. I would keep the time-out period relatively low, 30 minutes or
less, perhaps even 5 minutes or so.
-----Original Message-----
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of David Morton
Sent: Thursday, March 22, 2001 6:47 PM
To: [EMAIL PROTECTED]
Subject: Simultaneous Username/Password Detection
I am building a system that protects content by username and password. No
problem there. The more complicated part of the system prevents two people
using the same username and password at the same time on our web site. I
have a plan to do this, but I haven't seen if there are any common
methods/techniques/strategies/design patterns to do this in a jsp
environment. Nor do any of our developers have any experience in doing
this.
Currently, I am just going to store server generated sessionId's and
userId's with other necessary data/time checks......of course the user must
be able to take over use of that username and password because the browser
may crash...or they forget to hit logout....and also I must flag when this
happens too many times in a period of time as a red flag....obviously with
an html web site, there is no 100% accurate way to only have one user using
the site at once, however, I can build it well enough that 95% of the users
that are giving out their passwords won't because it is annoying to keep
re-logging in and being locked out for an hour if you trip one of our red
flags.....thoughts? experiences?
This is not for a porn site, however, I bet that porn people have
something like this.
David
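The registry both messages describe, sketched as an added example (not code from either poster): one owning session per username, takeover allowed, and a lockout when takeovers pile up. The class name, the threshold of three takeovers per hour and the sample timeline are assumptions; the one-hour lockout comes from the question.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: keep one instance as a ServletContext attribute.
public class LoginRegistry {
    public enum Result { OK, TAKEOVER, LOCKED }
    private static final class Entry {
        String sessionId;                                     // session that currently owns the account
        final Deque<Instant> takeovers = new ArrayDeque<>();  // recent takeover times
        Instant lockedUntil = Instant.MIN;
    }
    static final int MAX_TAKEOVERS = 3;                 // assumed red-flag threshold
    static final Duration WINDOW = Duration.ofHours(1); // counting window and lockout length
    private final Map<String, Entry> users = new ConcurrentHashMap<>();

    // Call only after the password check has succeeded.
    public Result login(String user, String sessionId, Instant now) {
        Entry e = users.computeIfAbsent(user, u -> new Entry());
        synchronized (e) {
            if (now.isBefore(e.lockedUntil)) return Result.LOCKED;
            if (e.sessionId == null || e.sessionId.equals(sessionId)) {
                e.sessionId = sessionId;
                return Result.OK;
            }
            // Another session holds the account: allow the takeover but count it.
            e.takeovers.addLast(now);
            while (e.takeovers.peekFirst().isBefore(now.minus(WINDOW))) e.takeovers.removeFirst();
            if (e.takeovers.size() >= MAX_TAKEOVERS) {   // red flag: lock the account
                e.sessionId = null;
                e.takeovers.clear();
                e.lockedUntil = now.plus(WINDOW);
                return Result.LOCKED;
            }
            e.sessionId = sessionId;
            return Result.TAKEOVER;
        }
    }
    // Call on logout and from HttpSessionBindingListener.valueUnbound (session expiry).
    // A displaced session must not free the slot now held by its successor.
    public void release(String user, String sessionId) {
        Entry e = users.get(user);
        if (e != null) synchronized (e) { if (sessionId.equals(e.sessionId)) e.sessionId = null; }
    }
    public static void main(String[] args) {
        LoginRegistry r = new LoginRegistry();
        Instant t = Instant.parse("2001-03-22T18:00:00Z");  // constructed timeline
        System.out.println(r.login("alice", "s1", t));
        for (int i = 2; i <= 4; i++)                         // three other browsers within minutes
            System.out.println(r.login("alice", "s" + i, t.plusSeconds(60L * i)));
    }
}
```

Entries are kept after release so the takeover history survives a logout; a displaced session still has to be rejected on its next request by comparing its id with the stored one.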
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets