Java How to invalidate user session when he logs twice with same credential | ansaurus

tags:

views:

63

answers:

2

+2 Q:

Java How to invalidate user session when he logs twice with same credential

Hallo all. I found this interesting thread about how to invalidate a user session when he logs twice.

http://stackoverflow.com/questions/2372311/jsf-how-to-invalidate-an-user-session-when-he-logs-twice-with-the-same-credentia

I have a slightly different environment but I should resolve the same problem. The differences are that I don't use JSF and my application is running on a cluster.

I'm willing to apply this pattern, but I was wondering where should I save the user map? Is there a context visible to all the machines in the cluster?

Thanks in advance

A:

You can persist it to share the data between cluster it any context is not shared.

org.life.java 2010-09-14 10:00:49

+2 A:

The point about running the application on a cluster is more important and relevant than the absence of JSF.

The requirement imposed by the cluster on any solution is that the solution require the use of a shared storage that is accessible to all members of the cluster. There are are several possible solutions that account for this requirement:

Use a database to store the list of all currently logged in users (with an ID to identify their session; JSESSIONID could be used, but it is better to use an ID that is guaranteed to be unique across all members in the cluster). Even a combination of user ID and cluster member ID will do. This is the easiest, but it will require you to test how your code handles failover (you might have to update the entries in the database on session failover).
Use the application context (the ServletContext). This is a possible solution, but not recommended at all. Although the application context is bound to be kept up to date in all cluster members, there is a cost to keep the contents up to date (increased network traffic among cluster members).
Use a distributed caching solution like Terracotta or Coherence. This solution is almost the same as the previous one, except that the session "map" will not be managed in the ServletContext. Network traffic is bound to occur when updating the distributed cache.

Vineet Reynolds 2010-09-14 10:25:06

related questions

Java Time Zone is messed up

Eclipse on win64

Automate builds for Java RCP for deployment with JNLP

Why are professors or schools picking Java over C++ to teach to students?

Is there a real benefit of using J#?

Public/Popular Websites using JavaServer Faces

Why can't I use a try block around my super() call?

Accessing post variables using Java Servlets

Personal Linux web server

Is this really widening vs autoboxing?

How can I Java webstart multiple, dependent, native libraries?

Why can't I call toString() on a Java primitive?

How do I use Java to read from a file that is actively being written?

What code analysis tools do you use for your Java projects?

IllegalArgumentException or NullPointerException for a null parameter?

How do I configure and communicate with a serial port?

What is the best way to parse strings in Java

Getting started with a custom JXTA PeerGroup

Creating a custom button in Java

How to get started "writing" a code coverage tool?

Which Build-/Configuration Management Tool?

What is the difference between an int and an Integer in Java/C#?

What is the meaning of the type safety warning in certain Java generics casts?

How would you access Object properties from within an object method?

Converting CSV File to XML in Java