2

I am using HttpServletRequest to authentify user .

The probleme is that many users can login with same account in the sametime. I want to detect when a new user is trying to connect with an account that is already connected .so the application give him two possibilities to leave or force authentification so automaticly the first session opened will be closed .

how can i do that ??

thats my code

public String Login() {
        try {
            message="";
            Date datehistorique = new Date();
            HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
            request.login(username, password);


            if(request.isUserInRole("Administrateur"))
            { setGroupname("Administrateur");

                return "/profil/admin/adminHome.xhtml?faces-redirect=true";}   


            else {
                message= "Either Login or Password is wrong";
                return "/index.xhtml";
            }


        } catch(Exception e) {
            message= "Either Login or Password is wrong";
            this.groupname="";
            this.username="";  
            FacesContext.getCurrentInstance().addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,"Votre Nom utilisateur ou votre Mot de passe est incorrect.", ""));
        }
        return null;
    }
marouanoviche
  • 253
  • 3
  • 11
  • 28
  • Logins has to be maintained in some datastructure on server side and then needs to be checked for this. How many times we duplicate this question? http://stackoverflow.com/questions/20899070/restrict-a-user-login-to-single-session-at-a-time-using-java-hibernate-web-appl, http://stackoverflow.com/questions/18548636/how-to-stop-already-signedin-user-to-sign-in-from-other-browser/18548717#18548717 - Please do some research before posting and expecting an answer. – ring bearer Jun 05 '15 at 07:55
  • @kocko This is probably the worst way of doing that since the implicit overhead of querying a database each time. Session are made for that and you could store it on magnetic disk or ram storage. – gmourier Jun 05 '15 at 08:00
  • i didnt get from all the question that are already posted the code that i need to add to mine to firstly detect if the session is opened , then kill it and create new session. – marouanoviche Jun 05 '15 at 08:10

0 Answers0