I know this question was asked a lot, but I didn`t find anything that could help me.
I`m using Java, JSF, EJB, JPA, GlassFish, MySQL.
I developed web sites with autentification, using these technologies, but with only from one location (one session at a time) and if another user logged in from another location (s)he could see the state of the first users session.
Now I need to develop a multiuser web application with a commom home page and a few commom features, but the rest needs to be user dependent a multi thread access to the web application and to the database.
I need to:
- limit the users capabilities to start a session from only one location, one computer
- have them make them register on the site for a limited period of time (the profile should be active for 1 year lets say)
- to give them timeouts after 1 hour
and so on…
Please help me understand what I have to do to!
I dont know how and where to start, I read a lot of articles about this, but it was just bits and pieces and I dont have a full picture about this.
Thank you for your time, happy coding and keep up the excelent work your doing here!
This is not right. This application was badly designed from the beginning on. This can happen when you’re storing request and/or session-scoped data in a
staticvariable or in the application scope. This is not right. Request scoped data should be stored in non-staticvariable in a request scoped bean. Session scoped data should be stored in a non-staticvariable in a session scoped bean.In other words, stop using
staticvariables until you really understand what that means and don’t store the data in a too wide scope.See also: