dcsimg
How to avoid duplicate login ?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Anonymous
Posted On:   Tuesday, April 24, 2001 09:12 PM

hi! We are going to launch our website shorty on iPlanet AppServer with LDAP authentication. Any one please help on how can restrict the duplicate login of a user. I am planning for a solution like this: I will set a flag like ON/OFF for the user in a member table. When the user logs in, flag is set to ON. So, when he tries to log in again, we will send a warning message as : "U have already logged in. Close your previous session with us". When he logs out, the flag is set as OUT. Now the real problem comes when the user does not logout from out site, or any communication problem arises...like kind of situations.... For this I am looking for a solution as: I will have session for the use   More>>

hi!
We are going to launch our website shorty on iPlanet AppServer with LDAP authentication. Any one please
help on how can restrict the duplicate login of a user. I am planning for a solution like this:
I will set a flag like ON/OFF for the user in a member table. When the user logs in, flag is set to
ON. So, when he tries to log in again, we will send a warning message as : "U have already logged in.
Close your previous session with us".

When he logs out, the flag is set as OUT. Now the real problem comes when the user does not logout from
out site, or any communication problem arises...like kind of situations....
For this I am looking for a solution as: I will have session for the user. I will set a Session BindingListener
for the user. So, when the session times out, it will raise a event to a class where i will write the
code to set the user flag to OFF.
Does it works well! It is a standard way to do this....

Please ley me know any other solutions...and any link or source to learn more about this kind of situations...

bye!
shyam

   <<Less

Re: How to avoid duplicate login ?

Posted By:   sudhakar_chavali  
Posted On:   Tuesday, April 24, 2001 11:00 PM

Hi your idea works if the user logouts explicitly.If he closed the browser accidentally it gives the problem to the user.

So try this

when user logs in,check his name in the session context.If his login is not available mantain his login in the session.If user re logins with out closing his session(Logout) redirect the forgot password page to client for example.If he able to give correct answer for the question , then invalidate the previous session and start the new session for him else through him out of site

Regards

Sudhakar
About | Sitemap | Contact