You should store their current session ID in some kind of persistent store, like you say. Then I would suggest that if they log in a second time, that you invalidate the *old* session and let them continue with new one. I've seen that approach used on a large public web site.
Sean On Sunday, January 27, 2002, at 08:01 PM, Antony Stace wrote: > Hi > > I want the users in a Struts application to be only logged in > once at any one time. What is the > best way to go about this. I was thinking that I can have have > some sort of record in (an application > wide bean)/(a database record)/(the logon action) that keeps > track of who is logged on and when the log on process > happens this record is checked, if the user is already logged > on then don't let them log on again. The problem > I can see with this is that this works fine if the user logs > out of the application through a logout > action - the logout action can simply clear the record of the > user being logged in. But if the users browser crashes, they > reboot > the machine, they simply restart the browser then this record > will not be cleared and thus they will not be able to log in. > I cannot think of how I can > implement a mechanism to ensure only one log in at a time. The > thought of adding some sort of timeout value > seems a little nasty, since I hate it when I go to a site and I > am told I am alread logged in, please try back in > 10 minutes. > > Any ideas folks on how to handle this? > > > -- > > > Cheers > > Tony > --------------------------------------------------------------------- > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > > -- > To unsubscribe, e-mail: <mailto:struts-user- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:struts-user- > [EMAIL PROTECTED]> > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
