DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Refcards
Trend Reports

Events

View Events Video Library

Zones

Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Enterprise AI in 2024: Share your insights into ChatGPT, generative AI, MLOps, and more (+enter the raffle!) for DZone's March Trend Report.

DZone Research Report: A look at our developer audience, their tech stacks, and topics and tools they're exploring.

Getting Started With Large Language Models: A guide for both novices and seasoned practitioners to unlock the power of language models.

Managing API integrations: Assess your use case and needs — plus learn patterns for the design, build, and maintenance of your integrations.

Related

  • 7 Tips for Effective Cybersecurity Training for Developers
  • Mastering Thread-Local Variables in Java: Explanation and Issues
  • Explore Redis for User Session Management on AWS Elasticache
  • Deploy a Session Recording Solution Using Ansible and Audit Your Bastion Host

Trending

  • Comparing Real User Monitoring (RUM) vs. Synthetic Monitoring
  • Comprehensive Gun Detection for Schools: An AI-Based Approach Leveraging Audio and Video Insights
  • AI/Machine Learning Techniques: The Cheat Sheet
  • Designing a Rest API Part 1: Naming Syntax

Disable multiple logins for same user - Servlets and Sessions

Waqas Memon user avatar by
Waqas Memon
·
Sep. 09, 13 · News
Like (4)
Save
Tweet
Share
50.1K Views

Join the DZone community and get the full member experience.

Join For Free

There are many approaches including the database flag for a user to know whether a user is logged in currently or not. Database solution takes lot of work and amount of time to implement and has many problems including browser close should also log-out for the user does not wait so many minutes before sessions get invalidated automatically. HttpSessionListener must also be implemented in the database solution, hence I will strongly discourage the use of this approach, which involves re-inventing the wheel again and again because every developer has to do it on his own for his application. 

HttpSessionBindingListener

There are two ways users can be restricted to login from multiple sessions, either previous session of user be removed, or new session of user be disallowed. In both approaches I would recommend using HttpSessionBindingListener. Implementing this interface requires providing implementation for boolean equals(Object other),int hashCode(), voidvalueBound(HttpSessionBindingEvent event) and voidvalueUnbound(HttpSessionBindingEvent event).

public class LoginDto implements HttpSessionBindingListener {
  
  private String accountId
  private boolean alreadyLoggedIn;
  
  //setters and getters of all your User dto including accountId...

  private static Map<User, HttpSession> logins = new HashMap<User, HttpSession>();

  @Override
  public boolean equals(Object other) {
    return (other instanceof LoginDto) && (getAccountId() != null) ? 
     getAccountId().equals(((LoginDto) other).getAccountId()) : (other == this);
  }

  @Override
  public int hashCode() {
    return (getAccountId() != null) ? 
     (this.getClass().hashCode() + getAccountId().hashCode()) : super.hashCode();
  }

  @Override
  public void valueBound(HttpSessionBindingEvent event){
    HttpSession oldSession = logins.get(this);
    if (oldSession != null) {
      alreadyLoggedIn = true;
    } else {
      logins.put(this, event.getSession());
    }

    //Note: you can comment above code and remove comments from below code. removing comments from 
 //below code will remove old session of user and let the user log-in from new session.

    //HttpSession session = logins.remove(this);
    //if (session != null) {
    //  session.invalidate();
   //}
   //logins.put(this, event.getSession());  
  }

  @Override
  public void valueUnbound(HttpSessionBindingEvent event) {
    logins.remove(this);
  }

}//end of class LoginDto

 You do not need to do anything else except storing a LoginDto in session when a user logs in, or removing it on session timeout. Http Session Binding Listener should automatically invoke valueBound and valueUnbound methods whenever LoginDto is bound to session, not to mention, browser's close or in cases when users leave unexpectedly.

Example servlet code

if(//user is valid and validated from database etc...) {
    session.setAttribute("UserContext", dto); //this will invoke valueBound method of LoginDto.
    if(dto.isAlreadyLoggedIn()){
      session.removeAttribute("UserContext"); //this will invoke valueUnbound method of LoginDto
      throw new MyCustomException("You are already logged in from a different session. Please logout first.");
    }
}else {
    session.setAttribute("UserContext", null);
}
Session (web analytics)

Opinions expressed by DZone contributors are their own.

Related

  • 7 Tips for Effective Cybersecurity Training for Developers
  • Mastering Thread-Local Variables in Java: Explanation and Issues
  • Explore Redis for User Session Management on AWS Elasticache
  • Deploy a Session Recording Solution Using Ansible and Audit Your Bastion Host

Comments

Partner Resources

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Core Program
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: