Reputation: 4973
How to restrict only one session at a time per user in Java Web App?
I am using Tomcat 7.0, Spring 4.0.2, Web Module 3.0 in eclipse for my web application. There is one requirement in my application that one user must not allow to login from two different clients. Along with this I need to consider this.
The solution I can think :
--> Declaring one static Set at app level.
--> Check before every check whether username contains in that Set or not, if contains then I will not allow to login.
--> Add username in Set after every login in Set.
--> Remove username after every logout from Set.
But I cannot think all scenarios when this solution will fail. I think when user will close browser directly, this will not work. Please help to find out all scenarios and also proper solution which will handle all scenarios. Thanks in advance.
Upvotes: 0
Views: 5844
Answers (1)
Reputation: 23246
Spring Security supports this out of the box. Can you migrate your authentication process to use Spring Security?
See section 2.3.3 Concurrent Session Management below:
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity-single.html
Upvotes: 2
Related Questions
- Allow only one session per user
- Limit Maximum Concurrent Session per user
- How to prevent multiple login in Spring Security
- how do I allow only one session to Spring REST web service at one time?
- Disable multiple user login for web based application
- enforcing at most one user in a JSP application
- Only allow 1 user login in Spring Sercurity
- preventing multiple user login for same user in java
- Restrict a user login to single session at a time using java, hibernate web application without spring
- How to limit only one session per user and block the subsequent login attempt?