Preventing multiple user logins using same user id in a clustered environment

Posted on 2006-06-07
Last Modified: 2013-11-15

I have a challenge to prevent users from concurrently logging into a web application (websphere 5.1.1) using the same user account. The web application will be deployed across several clustered servers.

My preferred approach was to maintain a collection of user ids and session objects. Initially if a user logs in successfully their user id is stored with their session in this collection. If another user (using same user id) logs in then the new session will be stored against the user id and the old one invalidated - thus kicking the first user out.

I can see how I could implement this using a single server but i can't see how it would be acheivable using the target clustered environment

I've investigated using a database for this and set a flag when the first person using the id logs in. However with the db approach the flag will only be tested and set during authentication - we would not want to test this db flag every time the user interacts with the system within the session. Therefore when the second user logs in I can't see a way to implement this so that the first user (who is already authenticated and using the application)is kicked out (effectively invalidating the session).

This leads to an alternative approach of using this flag to prevent subsequent users from logging in (reverse of first approach as this way first user logged on has priority). However using this approach our challenge is that the user who has successfully logged on and using the application could close their browser at any time. It will be difficult to reliably capture this event (eg. javascript is one option that oculd be used but user could have browser javascript disabled). In this situation the db record for the user will still have a flag against it showing that a user is logged on preventing any further attempts to logon. We could of course implement a timeout on the flag to unset it after x minutes but it still means until the flag is released the user will not be able to log back in.

Can anyone provide any further assistance on this and suggest an appropriate solution? I'm wondering how video streaming websites are Preventing multiple user logins using same user id? I am sure they must be having clustered server environment.

Any help would be much appreciated.

Thanks in advance.
Question by:mani29
    LVL 19

    Accepted Solution

    LVL 19

    Expert Comment

    Well I dont know how much my link above helped the question. Though its a good article on clustered enviroment management.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    equalIsNot  challenge 43 95
    Run test on Flash Drive 2 TB 5 82
    External drive not initialized 33 58
    office 365 , exchange , backup 5 49
    Storage devices are generally used to save the data or sometime transfer the data from one computer system to another system. However, sometimes user accidentally erased their important data from the Storage devices. Users have to know how data reco…
    How to update Firmware and Bios in Dell Equalogic PS6000 Arrays and Hard Disks firmware update.
    This tutorial will walk an individual through the process of installing of Data Protection Manager on a server running Windows Server 2012 R2, including the prerequisites. Microsoft .Net 3.5 is required. To install this feature, go to Server Manager…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now