I have a query, I want that if a user is already logged in to a web page and again he Relogins from same or different machine then his previous session should be killed and automatically he gets log out to main page. I'm using jquery at client side and servlets at backend. I'm using tomcat 6 as web server and jdk1.6 compiler. I just want as yahoo does, if a user is lodged in from some machine and next time he again logs in from some other or same machine he gets logs out automatically from previos session and is redirected to main page. Please tell how can i implement that.
views:
494answers:
3
A:
When user logs in again, simply generate new session ID and previous one will become invalid.
lubos hasko
2009-09-13 03:09:00
Thanks for your reply,can u please tell me how,i want that he should be automatically logged out from previous login if he opens new session again .
2009-09-13 03:11:45
Try thishttp://us2.php.net/manual/en/function.session-regenerate-id.phpsession_regenerate_id
Extrakun
2009-09-13 04:38:47
@Extrakun, don't assume he is using PHP.
lubos hasko
2009-09-13 04:43:50
I m using java (servlets) and tomcat server.
2009-09-13 15:00:50
A:
If you attach a session id to a user id, then when you create a new session id, it will replace the current session id, and when you check for the valid session id, you will see that the old one is not longer found, so your application would tell them that they have been logged out.
If you want to keep track of the session id, then just have a valid flag that is unique between the userid and valid flag, so each user only has one valid session at a time.
If you see that they have a second session id then you can let them know that they were logged out of the first session due to logging into the new session.
James Black
2009-09-13 03:30:56
Thanks James for your reply ,can u plz tell me the way or example so that i can implement it.I would like you to tell that i m using tomcat 6 and jdk1.6.cau u plz tell m the solution.
2009-09-13 13:34:07
My way assumes you are using a database, which could be a big assumption.
James Black
2009-09-13 14:41:45
yeah i m using mysql database.can u tell me or suggest a way so that i resolve this problem
2009-09-13 14:47:19
I think they have already done. You need to first apply some kind of session ID. You can check out how to generate a MD5 Hash or using the J2EE session libraries. Then you must store that data on a sessions table, or as a column on your users table. After that, everytime your user logins, your servlet will generate a new hash/session id and compare it with the one stored. If they are the same, nothing happens. If they are different, then it will assume it has started a new session elsewhere and act accordingly.
Yaraher
2009-09-13 15:52:31
+1
A:
Here is my really contrived method for detecting different machine logins
When the user logs in, generate a hash key for him, store it in his session, and in the database. The database only stores one the hashkey for the user (it's not a history of login)
Whenever the user accesses a page, check that the hash key in the session matches the one in the database
If it matches,all is well.
If it does not matches, it is not from the same machine; because if the user logins elsewhere, a new hashkey would be generated and would replace the one in the database.
4a. Tell the user on the original machine that 'You have been logged into somewhere else' and unset all the session there (that is, log him out). But that is only on the next page refresh - which can be avoided if you use AJAX
As for same login - if the user tries to login into the site while he is already logged in, just display a message that he's already logged in? What's the intent of flushing the session data if he logs in again (are we talking about the same user logging into the same site on the same machine here?)
Extrakun
2009-09-13 04:36:45
Thanks Extrakun for ur reply,plz i would like to inform you that i m using tomcat 6 vesrion and jdk 1.6,can u tell me the way how can i implement it using servlets or some other method??
2009-09-13 13:31:04
The principle is the same for any web-based applications. I suppose you are using JSP. You could find out how to create sessions in JSP and DB access with it and go through the steps above. They are the same for ASP, JSP or PHP, I think, as I am only familiar with PHP
Extrakun
2009-09-14 00:13:45