The new Oreilly book "JavaServer Pages" has a great way of doing
authentication with a tag and the existance of a "validUser" bean in the
session scope. It properly produces the original URL and is container
independant.
----- Original Message -----
From: "David Morton" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Thursday, March 22, 2001 9:47 PM
Subject: Simultaneous Username/Password Detection
>
> I am building a system that protects content by username and password. No
> problem there. The more complicated part of the system prevents two
people
> using the same username and password at the same time on our web site. I
> have a plan to do this, but I haven't seen if there are any common
> methods/techniques/strategies/design patterns to do this in a jsp
> environment. Nor do any of our developers have any experience in doing
this.
> Currently, I am just going to store server generated sessionId's and
> userId's with other necessary data/time checks......of course the user
must
> be able to take over use of that username and password because the browser
> may crash...or they forget to hit logout....and also I must flag when this
> happens too many times in a period of time as a red flag....obviously with
> an html web site, there is no 100% accurate way to only have one user
using
> the site at once, however, I can build it well enough that 95% of the
users
> that are giving out their passwords won't because it is annoying to keep
> re-logging in and being locked out for an hour if you trip one of our red
> flags.....thoughts? experiences?
> This is not for a porn site, however, I bet that porn people have
> something like this.
>
> David
>
