I think the major part is a design issue. How do you recognize someone is logging-in
after he accidentally killed his browser? Maybe you could use IP addresses for that???
As far as I know most ISPs use simple timeout mechanisms on their POP3 servers
(you can reconnect after sometime when the connection did not close properly).
For checking whether someone is already logged-in you might use a own implementation
of EJBUser: one which give a random password if someone has already logged-in. This
would
prevent another user from using the same account.
How you would reset the EJBUser to do an 'auto log-out' after some time (in case the
client
system died), I don't know. Guess you would have to settle for a fixed time, which
would be a drag,
or something need to kick the EJBUser regularly to keep the session alive. Oops, maybe
that is a clue!
FE
On Friday, March 23, 2001 3:47 AM, David Morton [SMTP:[EMAIL PROTECTED]] wrote:
>
> I am building a system that protects content by username and password. No
> problem there. The more complicated part of the system prevents two people
> using the same username and password at the same time on our web site. I
> have a plan to do this, but I haven't seen if there are any common
> methods/techniques/strategies/design patterns to do this in a jsp
> environment. Nor do any of our developers have any experience in doing this.
> Currently, I am just going to store server generated sessionId's and
> userId's with other necessary data/time checks......of course the user must
> be able to take over use of that username and password because the browser
> may crash...or they forget to hit logout....and also I must flag when this
> happens too many times in a period of time as a red flag....obviously with
> an html web site, there is no 100% accurate way to only have one user using
> the site at once, however, I can build it well enough that 95% of the users
> that are giving out their passwords won't because it is annoying to keep
> re-logging in and being locked out for an hour if you trip one of our red
> flags.....thoughts? experiences?
> This is not for a porn site, however, I bet that porn people have
> something like this.
>
> David
>
>
