http session 1

wekoweko · Feb 1, 2004

hi there, just wanted to know if any of you out there know of any way to make sure no multiple and simultaneous logons for a single user to a site using only session, i know this can be done via a back-end table but would like to implement the functionality using session objects only, thanks

sedj · Feb 1, 2004

A HttpSession object is assigned to a browser-IP config - so when they hit your site, an HttpSession object is assigned before login. Logging-in is thus very different to having a session, and there is no in-built mechanism to support this in the HttpSession object iteself.

That being said, one simple hack would be :

once they log in, assign a variable to the HttpSession such as this :

Code:

HttpSession session = request.getSession();
session.setAttribute(&quot;login&quot;, &quot;yes&quot;);

So if you want to know if they are logged in, all you do is

Code:

Object loggedIn = session.getAttribute(&quot;login&quot;);
if (loggedIn != null) {
  // Yep, they are logged in
} else {
   // No, they are not logged in (or the attribute has been lost by the session object!)
}

I think backend validation is probably safer, but this will work.

wekoweko · Feb 1, 2004

thanks dude, well actually that will just allow me to see if the current users login session is still valid, what i actually want to see is if the user is already logged on somewhere else and wants to create another login session, anyway i think you are right, backend validation is probably the best answer, thanks again

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

http session 1

wekoweko

Programmer

sedj

Programmer

wekoweko

Programmer

Similar threads

Part and Inventory Search

Sponsor