 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / September 2007Tomcat - One login only
Hi, I'm currently trying to configure Tomcat to only allow a user to log in once. If the same user tries to log in when already logged in (from another machine for example) I want to cancel the login request and present an explanation to the user. I'm using the FORM based authentication and have searched the web for a solution to this problem to no avail. Any help would be much appreciated, Jamie Hi, I think there are several solutions depending on your actual requirements. Can you explain more? For example, what services are the users going to access after authentication? You mean an application deployed on Tomcat? And, what do you actually mean for cancelling the login request? What is the purpose and target that you expect to meet? Harry On 4月30日, 上午5時50分, Jamie.Osbor...@googlemail.com wrote: > Hi, > [quoted text clipped - 8 lines] > > Jamie Sure, We have a web application deployed on Tomcat which allows several secure clients on a network to connect. The issue is that currently a user can login several times with the same logon details. What we would like to do is limit the login so that if a user tries to login when that same user is already logged in, we report back saying "already logged in" or something. I have seen this functionality on other websites and it seems to me it should be a simple configuration option, perhaps somewhere in the Tomcat/Conf/web.xml file but i cannot find any information so far! any help much appreciated! Jamie Hi, What I will do is to keep the logged in user info in session. Whenever a user is logged in, check the session whether that user exists. If exists, then you can report to say the user is already logged in. Hope this helps. Harry On May 1, 1:32 am, Jamie.Osbor...@googlemail.com wrote: > Sure, > [quoted text clipped - 13 lines] > > Jamie > Hi, > [quoted text clipped - 8 lines] > > Jamie I am not sure how you store information about the already logged in user etc. In one the web applications I worked earlier (wasn't J2EE), we had a separate table which stored session information of all the logged-in users (thing like, user id, session id, initial time and last activity time etc). Then if user logs out, we used to delete that particular row from this table. Now to check whether the same user has logged-in already you can just check against this session table. The disadvantage of this method is that in case of orphaned sessions(browser closed or user did not log out), user has to wait for the last session to expire before logging back in. But I guess you can implement number of different solutions for this. > I'm currently trying to configure Tomcat to only allow a user to log > in once. If the same user tries to log in when already logged in > (from another machine for example) I want to cancel the login request > and present an explanation to the user. I'm using the FORM based > authentication and have searched the web for a solution to this > problem to no avail. I think the best way is to: - use a SessionListener to keep track of who is logged in - use a custom realm for login that rejects users already logged in Will require a bit of coding. Arne have you ever gotten a response to this? thanks. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.