[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


only one client request at a time

Posted on 2009-07-08
Medium Priority
Last Modified: 2013-11-24
I have a requirement that i should not let the same client make requests from different browsers...like if i have logged in one system i should not be allowed to login in another just like how yahoo messenger works. So we all know that we use session to maintain conversation between client requests. How will the session then check that the same client is making request from two different browsers.
Question by:SunScreenCert
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

SordSord earned 400 total points
ID: 24809614
Is the requirement to prevent multiple logins to the same account from multiple browsers (and would you also want to prevent multiple machines from logging in to the same account)? Or is the requirement to prevent a single machine from being able to simultaneously login to multiple accounts? Is it ok if a client has multiple browser windows open making requests?

From the JSP side of things, you will need a global object that you can store (client, session) pairs in (I'd tend to us a map of some sort). Which will allow you to prevent multiple sessions for a single client.

How to identify a client is the real trick and will depend on how you answered the first question. If it is really the machine you want, then the IP address is probably the best answer you're going to get. If it is just multiple simultaneous logins you want to prevent, then the client is really the login info. So after they send their login info, check if they already exist in your table and you can either reject the new login, discard the old session, or just treat the two sessions as one session.
LVL 13

Assisted Solution

by:Murali Murugesan
Murali Murugesan earned 400 total points
ID: 24810259
Have something like LOG table in the database.

On every successful login have a record inserted in it or just have a flag in existing table to indicate user logged in or not.

On every login if the logged_in flag is NO then allow user to enter after updating it to "YES". So if the same user id is entered from different machine or browser just check if tht user id is logged in. If already YES the give him a message "Already logged in".

Also implement HttpSessionListener and in OnSessionDestroyed just make sure the db table is updated to "NO" for logged_in flag. Bcoz there are chances that user can just close the browser instead of logout.

LVL 25

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 1200 total points
ID: 24811740

You could try this

in combination with the logged in/not logged in in the session.
Usually the IP address is different.
However if multiple users are behind the same firewall and one static IP-Address I believe
that you would get the same IP-Address from multiple browsers.
To solve that problem you have the opportunity to look at some internal session attributes


as well as create your own attributes to handle this.

   Tomas Helgi
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 24816893
But it is same system but not allowing multiple browsers
LVL 25

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 1200 total points
ID: 24821279

Like Murali says you can solve this by creating a "LOGIN" table that hold the username and sessionID of the session (and even the clients RemoteAddress).
When the session ends or timeout you delete the users record from the table.
The check should be on both the username and/or the sessionid to the user and/or sessionId that is trying to logg on.
So if the user is already logged on and is trying to log on from another computer/browser you simply tell the server to end the session that is tied to the
current "logged in" browser and logg in the user that is currently trying to logged in.

You can see similar functionality in the Windows Live Messenger and other similar clients.

   Tomas Helgi
LVL 25

Assisted Solution

by:Tomas Helgi Johannsson
Tomas Helgi Johannsson earned 1200 total points
ID: 24821298
Forgot to mention that a simple HttpSessionListener could do this

  Tomas Helgi

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a project requirement for a displaying a user workbench .This workbench would consist multiple data grids .In each grid the user will be able to see a large number of data. These data grids should allow the user to 1. Sort 2. Export the …
Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
The viewer will learn how to implement Singleton Design Pattern in Java.
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question