I'm working on a web app with Java and JSF. I have a simple login: if it finds the user in the database, it creates a session and stores some information in it. That works great.
The thing is, I want to avoid two different people using the same user name and password at the same time. Something like account sharing. Only one user logged at one time.
I have been thinking about this, but I can't find the correct approach.
Thanks in advance for all your help.
One way I can think of is to put a boolean field logged_in into the database, set it to true whenever someone logs in, and set it to false whenever someone logs out or the session expires. Setting it to false when someone logs out is easy. For the session-expired part, I believe that using JSF you have a SessionScope managed bean storing information about the user after he logs in. You can implement a @PreDestroy method for that managed bean and have it set the field to false before the bean is deleted on the session-expired event.

When someone sends "username" and "password" to the server through the login panel, you just need to check whether the logged_in field is true or not.
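A sketch of the answer above as an added example, not code from the original post: a JSF session-scoped bean that claims the logged_in flag with a single conditional UPDATE (so two simultaneous logins cannot both pass the check) and releases it on logout or in @PreDestroy. The table `users`, its columns, the JNDI name `jdbc/appDS` and the class and method names are assumptions.

```java
import java.io.Serializable;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.PreDestroy;
import javax.annotation.Resource;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import javax.sql.DataSource;

@ManagedBean
@SessionScoped
public class UserSession implements Serializable {
    private static final Logger LOG = Logger.getLogger(UserSession.class.getName());

    @Resource(name = "jdbc/appDS") // assumed JNDI name
    private transient DataSource dataSource;
    private String username; // non-null only while this session owns the login

    // Call only after the password has been verified.
    // Returns false when another session already holds the account.
    public boolean claimLogin(String verifiedUser) throws SQLException {
        if (setFlag(verifiedUser, true) != 1) return false; // flag was already true
        username = verifiedUser;
        return true;
    }

    public void logout() throws SQLException {
        if (username != null) { setFlag(username, false); username = null; }
    }

    @PreDestroy // runs when the session is invalidated or times out
    public void onSessionEnd() {
        try { logout(); }
        catch (SQLException e) { LOG.log(Level.WARNING, "could not clear logged_in", e); }
    }

    // Test-and-set in one statement: the row changes only if the flag had the
    // opposite value, and the update count says whether this session won.
    private int setFlag(String user, boolean value) throws SQLException {
        String sql = "UPDATE users SET logged_in = ? WHERE username = ? AND logged_in = ?";
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setBoolean(1, value);
            ps.setString(2, user);
            ps.setBoolean(3, !value);
            return ps.executeUpdate();
        }
    }
}
```

@PreDestroy does not run if the server process is killed or crashes, so the flag can stay true with no live session behind it; resetting the column at application startup is one way to avoid locking users out.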