Preventing multiple user logins using same user id in a clustered environment


I have a challenge to prevent users from concurrently logging into a web application (WebSphere 5.1.1) using the same user account. The web application will be deployed across several clustered servers.

My preferred approach was to maintain a collection of user ids and session objects. Initially if a user logs in successfully their user id is stored with their session in this collection. If another user (using same user id) logs in then the new session will be stored against the user id and the old one invalidated - thus kicking the first user out.

I can see how I could implement this using a single server but I can't see how it would be achievable using the target clustered environment.

I've investigated using a database for this and set a flag when the first person using the id logs in. However with the db approach the flag will only be tested and set during authentication - we would not want to test this db flag every time the user interacts with the system within the session. Therefore when the second user logs in I can't see a way to implement this so that the first user (who is already authenticated and using the application) is kicked out (effectively invalidating the session).

This leads to an alternative approach of using this flag to prevent subsequent users from logging in (reverse of first approach as this way first user logged on has priority). However using this approach our challenge is that the user who has successfully logged on and using the application could close their browser at any time. It will be difficult to reliably capture this event (e.g. javascript is one option that could be used but user could have browser javascript disabled). In this situation the db record for the user will still have a flag against it showing that a user is logged on preventing any further attempts to logon. We could of course implement a timeout on the flag to unset it after x minutes but it still means until the flag is released the user will not be able to log back in.

Can anyone provide any further assistance on this and suggest an appropriate solution? I'm wondering how video streaming websites are preventing multiple user logins using the same user id? I am sure they must have a clustered server environment.

Any help would be much appreciated.

Thanks in advance.
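
The first approach in the question (newest login displaces the older session) can work across cluster members if the shared store holds one current token per user id and each member rechecks it only at intervals, not on every request. The sketch below is an added example, not part of the original post and not WebSphere code: the `SHARED` map stands in for a database row or distributed cache, and `Node`, `Session`, `RECHECK_MS` and the user id are hypothetical names and values. It assumes a session stays on the member that created it.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class LastLoginWins {
    // Stand-in for state every cluster member can reach (DB row or distributed cache):
    // user id -> token of the only session currently allowed for that user.
    static final Map<String, String> SHARED = new ConcurrentHashMap<>();

    static final class Session {
        final String userId, token;
        long lastChecked; // last time this session was compared with the shared store
        Session(String userId, String token, long now) {
            this.userId = userId; this.token = token; this.lastChecked = now;
        }
    }

    static final class Node {
        // Assumed value: upper bound on how long a displaced session keeps working.
        static final long RECHECK_MS = 30_000;
        final Map<String, Session> local = new ConcurrentHashMap<>();

        // After successful authentication: overwrite the shared token, displacing any older session.
        Session login(String userId, long now) {
            String token = UUID.randomUUID().toString();
            SHARED.put(userId, token);
            Session s = new Session(userId, token, now);
            local.put(token, s);
            return s;
        }

        // Called per request (a servlet filter in a real application).
        boolean allow(Session s, long now) {
            if (!local.containsKey(s.token)) return false;     // already invalidated here
            if (now - s.lastChecked < RECHECK_MS) return true; // skip the shared lookup
            s.lastChecked = now;
            if (s.token.equals(SHARED.get(s.userId))) return true;
            local.remove(s.token); // a real application would invalidate the HttpSession here
            return false;
        }
    }

    public static void main(String[] args) {
        Node a = new Node(), b = new Node();
        Session first = a.login("alice", 0);         // constructed user id, time in ms
        Session second = b.login("alice", 10_000);   // same account, different cluster member
        System.out.println(a.allow(first, 20_000));  // request inside the recheck window
        System.out.println(a.allow(first, 40_000));  // request after the window has elapsed
        System.out.println(b.allow(second, 40_000)); // newest session, also rechecked
    }
}
```

Because a new login overwrites the token instead of testing a lock, a user who closes the browser without logging out can log straight back in, and the abandoned session simply fails its next recheck or expires.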
Well, I don't know how much my link above helped the question, though it's a good article on clustered environment management.