tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikola Milutinovic <>
Subject Re: Concurrent login detection - how?
Date Wed, 15 Jun 2005 05:14:23 GMT
David Rickard wrote:

> Don't know if this is an optimum solution, but it should work:
> Keep a List or Vector of IDs for active users in a shared, 
> application-level object (probably ServletContext);
> When someone logs in, search the List for the submitted ID: if not 
> present, continue with login sequence; if present, kick them to the 
> "duplicate login" page;
> Remove IDs from the List when users log out (and add a 
> ServletContextListener to catch people who leave the site without 
> logging out--remove their IDs when their sessions time out);

This is definitely a correct approach, but it has onw shortcoming. 
Suppose one user opens up a session (logs in) and his/her browser dies. 
The user opens another browser and tries to login, only to be kicked to 
"duplicate user" page. I think in this case, the original poster should 
have a vector or a hash map of user names and remote machine names/IPs.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message