only one client request at a time

Posted on 2009-07-08
Last Modified: 2013-11-24
I have a requirement that i should not let the same client make requests from different if i have logged in one system i should not be allowed to login in another just like how yahoo messenger works. So we all know that we use session to maintain conversation between client requests. How will the session then check that the same client is making request from two different browsers.
Question by:SunScreenCert

Accepted Solution

SordSord earned 100 total points
ID: 24809614
Is the requirement to prevent multiple logins to the same account from multiple browsers (and would you also want to prevent multiple machines from logging in to the same account)? Or is the requirement to prevent a single machine from being able to simultaneously login to multiple accounts? Is it ok if a client has multiple browser windows open making requests?

From the JSP side of things, you will need a global object that you can store (client, session) pairs in (I'd tend to us a map of some sort). Which will allow you to prevent multiple sessions for a single client.

How to identify a client is the real trick and will depend on how you answered the first question. If it is really the machine you want, then the IP address is probably the best answer you're going to get. If it is just multiple simultaneous logins you want to prevent, then the client is really the login info. So after they send their login info, check if they already exist in your table and you can either reject the new login, discard the old session, or just treat the two sessions as one session.
LVL 13

Assisted Solution

by:Murali Murugesan
Murali Murugesan earned 100 total points
ID: 24810259
Have something like LOG table in the database.

On every successful login have a record inserted in it or just have a flag in existing table to indicate user logged in or not.

On every login if the logged_in flag is NO then allow user to enter after updating it to "YES". So if the same user id is entered from different machine or browser just check if tht user id is logged in. If already YES the give him a message "Already logged in".

Also implement HttpSessionListener and in OnSessionDestroyed just make sure the db table is updated to "NO" for logged_in flag. Bcoz there are chances that user can just close the browser instead of logout.

LVL 25

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 300 total points
ID: 24811740

You could try this

in combination with the logged in/not logged in in the session.
Usually the IP address is different.
However if multiple users are behind the same firewall and one static IP-Address I believe
that you would get the same IP-Address from multiple browsers.
To solve that problem you have the opportunity to look at some internal session attributes

as well as create your own attributes to handle this.

   Tomas Helgi
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.


Author Comment

ID: 24816893
But it is same system but not allowing multiple browsers
LVL 25

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 300 total points
ID: 24821279

Like Murali says you can solve this by creating a "LOGIN" table that hold the username and sessionID of the session (and even the clients RemoteAddress).
When the session ends or timeout you delete the users record from the table.
The check should be on both the username and/or the sessionid to the user and/or sessionId that is trying to logg on.
So if the user is already logged on and is trying to log on from another computer/browser you simply tell the server to end the session that is tied to the
current "logged in" browser and logg in the user that is currently trying to logged in.

You can see similar functionality in the Windows Live Messenger and other similar clients.

   Tomas Helgi
LVL 25

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 300 total points
ID: 24821298
Forgot to mention that a simple HttpSessionListener could do this

  Tomas Helgi

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
maven example error 3 67
hibernate jars 4 45
add projects t working set in maven 2 24
hashmap order 17 37
Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question