naveen kumar

Reputation: 23

Browser specific session management

Let me explain my scenario,

I have created a Spring web application and deployed it on Tomcat. Then I opened a Chrome browser and launched the application. It ran successfully. Then I opened a new browser, let's say IE/Firefox, and relaunched my application in it. Then the session available in the Chrome browser should be invalidated or redirected to the login page. Put simply, I should be able to access my web page in only one browser at a time.

Is there any way to achieve this using Spring, or any other way?

Thanks Naveen

Upvotes: 1

Views: 1287

Answers (2)

Serge Ballesta

Reputation: 148890

You did not say how you do your authentication. But as you are already using Spring, I would advise you to also use Spring Security, which has configurable session management out of the box.

Using html config, you can ask that a new session invalidates a previous one from the same user with (extract from Spring Security Reference Manual 3.2.x / Security Namespace Configuration / Advanced Web Features / Session Management):

<http>
  ...
  <session-management>
     <concurrency-control max-sessions="1" />
  </session-management>
</http>

or that a new session will fail with:

<http>
  ...
  <session-management>
     <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
  </session-management>
</http>

Upvotes: 1

Santosh

Reputation: 17893

What you are looking for is not out-of-the-box Java web container functionality. But it can still be achieved using some application logic. Here is one way to achieve this:

  1. Create a filter which stores a mapping of username (as key) to the corresponding session id in some map (you can also use a database for this). If you use a map, make sure you use ConcurrentHashMap.
  2. Add this filter after the Authentication Filter.
  3. This filter will be invoked for all the URLs.
  4. Whenever a user login is requested, this filter will simply add/overwrite the mapping of the username and current session id.
  5. For all the other requests (non-login), the filter will simply check if the current session id is the same as the one stored in the map against the username. If yes, then proceed; else invalidate the session (as the user has done another login, indicated by a different session id) and redirect the user with an appropriate message.

Upvotes: 0
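
The filter described in the answer above, sketched as an added example that is not part of the original answer or of any project mentioned on this page. It assumes the `javax.servlet` API, an upstream authentication filter that stores the user name in the session attribute `username`, and a login URL of `/login`; the class name and both constants are hypothetical. It also adds a session listener so that expired sessions do not leave stale entries in the map.

```java
import java.io.IOException;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical class; register it as a filter (after the authentication filter)
// and as a session listener in web.xml.
public class SingleSessionFilter implements Filter, HttpSessionListener {
    // username -> id of the session created by that user's latest login
    private static final ConcurrentMap<String, String> ACTIVE = new ConcurrentHashMap<>();
    private static final String USER_ATTR = "username"; // assumption: set at login
    private static final String LOGIN_PATH = "/login";  // assumption: login URL

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession session = req.getSession(false);
        String user = session == null ? null : (String) session.getAttribute(USER_ATTR);
        if (user != null) {
            if (LOGIN_PATH.equals(req.getServletPath())) {
                ACTIVE.put(user, session.getId());        // newest login wins
            } else if (!session.getId().equals(ACTIVE.get(user))) {
                // A later login replaced this session (or the map was lost on
                // restart): fail closed and send the browser back to login.
                session.invalidate();
                ((HttpServletResponse) rs).sendRedirect(
                        req.getContextPath() + LOGIN_PATH + "?reason=replaced");
                return;
            }
        }
        chain.doFilter(rq, rs);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent ev) {
        Object user = ev.getSession().getAttribute(USER_ATTR);
        // Two-argument remove: drop the entry only if it still points at this
        // session, so expiry of an old session cannot erase a newer login.
        if (user != null) ACTIVE.remove(user, ev.getSession().getId());
    }

    @Override public void sessionCreated(HttpSessionEvent ev) { }
    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```

The map lives in a single JVM, so a clustered deployment needs the shared store (the database option in step 1) instead.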
