Solved

only one client request at a time

Posted on 2009-07-08
6
504 Views
Last Modified: 2013-11-24
I have a requirement that i should not let the same client make requests from different browsers...like if i have logged in one system i should not be allowed to login in another just like how yahoo messenger works. So we all know that we use session to maintain conversation between client requests. How will the session then check that the same client is making request from two different browsers.
0
Comment
Question by:SunScreenCert
6 Comments
 
LVL 3

Accepted Solution

by:
SordSord earned 100 total points
ID: 24809614
Is the requirement to prevent multiple logins to the same account from multiple browsers (and would you also want to prevent multiple machines from logging in to the same account)? Or is the requirement to prevent a single machine from being able to simultaneously login to multiple accounts? Is it ok if a client has multiple browser windows open making requests?

From the JSP side of things, you will need a global object that you can store (client, session) pairs in (I'd tend to us a map of some sort). Which will allow you to prevent multiple sessions for a single client.

How to identify a client is the real trick and will depend on how you answered the first question. If it is really the machine you want, then the IP address is probably the best answer you're going to get. If it is just multiple simultaneous logins you want to prevent, then the client is really the login info. So after they send their login info, check if they already exist in your table and you can either reject the new login, discard the old session, or just treat the two sessions as one session.
0
 
LVL 13

Assisted Solution

by:Murali Murugesan
Murali Murugesan earned 100 total points
ID: 24810259
Have something like LOG table in the database.

On every successful login have a record inserted in it or just have a flag in existing table to indicate user logged in or not.

On every login if the logged_in flag is NO then allow user to enter after updating it to "YES". So if the same user id is entered from different machine or browser just check if tht user id is logged in. If already YES the give him a message "Already logged in".

Also implement HttpSessionListener and in OnSessionDestroyed just make sure the db table is updated to "NO" for logged_in flag. Bcoz there are chances that user can just close the browser instead of logout.

-Murali*
0
 
LVL 24

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 300 total points
ID: 24811740
       Hi!

You could try this
http://www.java2s.com/Code/Java/Servlets/GetUsersIPAddress.htm

in combination with the logged in/not logged in in the session.
Usually the IP address is different.
However if multiple users are behind the same firewall and one static IP-Address I believe
that you would get the same IP-Address from multiple browsers.
To solve that problem you have the opportunity to look at some internal session attributes

http://www.java2s.com/Code/Java/Servlets/SessionTracker.htm
http://www.java2s.com/Code/Java/Servlets/Servletsessionfilter.htm
http://www.java2s.com/Code/Java/Servlets/Session.htm

as well as create your own attributes to handle this.

Regards,
   Tomas Helgi
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 2

Author Comment

by:SunScreenCert
ID: 24816893
But it is same system but not allowing multiple browsers
0
 
LVL 24

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 300 total points
ID: 24821279
       Hi!

Like Murali says you can solve this by creating a "LOGIN" table that hold the username and sessionID of the session (and even the clients RemoteAddress).
When the session ends or timeout you delete the users record from the table.
The check should be on both the username and/or the sessionid to the user and/or sessionId that is trying to logg on.
So if the user is already logged on and is trying to log on from another computer/browser you simply tell the server to end the session that is tied to the
current "logged in" browser and logg in the user that is currently trying to logged in.

You can see similar functionality in the Windows Live Messenger and other similar clients.

Regards,
   Tomas Helgi
0
 
LVL 24

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 300 total points
ID: 24821298
Forgot to mention that a simple HttpSessionListener could do this
http://www.java2s.com/Code/Java/Servlets/Servletsessionlistener.htm

Regards,
  Tomas Helgi
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now