0

I'm developing an application that user can log in in the system, and if another user tries to log in with the same id and password of the user that already logged, I need to invalidate the session of this user that already logged in and make him/her go back to the first page and make log in with the new user.

How can I develop this?

jamesmortensen
  • 33,636
  • 11
  • 99
  • 120
Lennon Spirlandelli
  • 3,131
  • 5
  • 26
  • 51
  • Why? What can't the user be logged in twice? What's the business problem being addressed here? – user207421 Jul 28 '12 at 04:21
  • I'm developing a software to a company and them want so. I tried to say them to make different, but with them don't have conversation. Thank you by the opinion – Lennon Spirlandelli Jul 30 '12 at 13:17

1 Answers1

3

You may need to keep track of already logged-in users either in application scope/DB. For each user when you try to create a session, make sure no other session already exists. If exists by using SessionListeners you may need to do session invalidate.

jamesmortensen
  • 33,636
  • 11
  • 99
  • 120
kosa
  • 65,990
  • 13
  • 130
  • 167
  • but how can I invalidate a session of another computer/person/browser? Would have how make this by the server? – Lennon Spirlandelli Jul 30 '12 at 13:06
  • What do you mean by another computer/person/browser? Could you update question with a realistic scenario? – kosa Jul 30 '12 at 14:40
  • because I'm developing a software where each official of the company has a user in the system and the client wants that the system drop down the user that was logged in when to try to make login with the user that already logged in the system. Fo.r example: I will try to log in with a user, and the system detects that this user is already connected, then for me log in with this user, I have to invalidate his session, after that, I will log in normally. – Lennon Spirlandelli Jul 30 '12 at 18:05
  • If you are developing application, inside your application you will write logic for session management. So, for each user connection, your servlet container assings sessionID. From this sessionId you can findout the session on the container (server). Once you are able to identify the session you can invalidate. All this logic need to be coded by you inside the application you are developing. – kosa Jul 30 '12 at 20:39
  • Read these links http://stackoverflow.com/questions/1835764/java-session-management and http://stackoverflow.com/questions/3067383/what-is-session-management-in-java – kosa Jul 30 '12 at 20:40
  • Ok, but I wanna invalidate the session from another browser in another computer. The server can get all sessions of all browsers? – Lennon Spirlandelli Jul 31 '12 at 18:02
  • Server is the one which maintains sessions for all connections (if your code contains session maintenance logic). – kosa Jul 31 '12 at 18:11
  • I found a method that gets all the sessions, but is deprecated and does not work, but I will save de session id in the database and when the user that was offline make something, the system will check and it will return to the log page. Nevertheless thank you by your time. – Lennon Spirlandelli Jul 31 '12 at 19:51