3

I have got a requirement where i need to ensure that no user can do multiple login So for this , i have made it login system centralized that is once the User successflly logs in , i am storing it in a Authenticator class as shown below and removing it from the HashMap once user clicks on log out 

public final class Authenticator {
    private static Authenticator authenticator = null;
      Map<String, String> usersStorage = new HashMap<String,String>();
     private Authenticator() {}
    public static Authenticator getInstance() {
        if ( authenticator == null ) {
            authenticator = new Authenticator();
        }
        return authenticator;
    }
    public Map<String, String> getusersStorage() {
        return usersStorage;
    }
    }

Upto this , everything is working good .

I have got some negative scenarios to handle also that is

  1. User can close the browser without clicking on Logout (Ctrl + W / browser cross Mark Button)

In that case is to possible to remove the key and Value from HashMap , if its idle for 15 minutes ??

please share your ideas of approaching this requirement .

3 Answers3

3

Basically what you need is session management. When user log in start a session and keep on refreshing the session whenever user do any actions on your website. And if user is not active for certain time (session time out) remove that user from session store.

If you are not interested in this session management, and you just want a Map kind of technique, then you can go for any Cache mechanism (eg:EhCache). It will do exactly what you asked for. But I prefer session management for this particular scenario.

IThinkSo
  • 74
  • 4
0

Consider Google Guava. The Cache classes are very versatile and also support time based expiration: https://code.google.com/p/guava-libraries/wiki/CachesExplained

ReneS
  • 3,535
  • 2
  • 26
  • 35
0

Usually for user-facing applications, you will have an application server that will take care of session management if configured correctly, e.g. Apache Tomcat will look for the session-timeout attribute in web.xml, which will look like the following:

<session-config>
    <session-timeout>30</session-timeout>
</session-config>

The value is taken in minutes.

llogiq
  • 13,815
  • 8
  • 40
  • 72
  • i cannot use session-config as i am using Jersey REST Webservixes and each request will have its new sessiion id everytime . –  Jun 03 '15 at 11:02
  • That sounds like a bad idea. Anyway, in that case you can of course use an in-application session. – llogiq Jun 03 '15 at 11:42