We have a web application where users can log in.
Now what we want is that the same user should not be able to log in using different browsers.
Basically, currently a user using two different browsers (IE and FF) can log in to the same account at the same time. When you hit the login button, is it possible to invalidate all other logins for that account?
What is the best possible approach to do this?
PS: We are using Struts, Spring and Hibernate in our web application.
Thanks!
Doing this on the server side is your best bet. You can keep track of logged-in users in your application context.
Well, a little hint. Make use of a Servlet Filter, say AuthFilter, and make a validation, maybe isAlreadyLoggedIn(), over there beside other validations like username/password etc. Now after having this check in place, you either (it depends on what you want to do with the user trying to log in) show the message that “user already logged-in”, or you can let the user log in and invalidate the previous session. As discussed here.
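A sketch of the server-side bookkeeping both answers describe, as an added example that is not part of the original posts: a registry that the login action or AuthFilter could call, where the newest login invalidates the previous session. The class name SingleSessionRegistry, the session attribute name and the javax.servlet (pre-Jakarta) API are assumptions; only isAlreadyLoggedIn() is a name taken from the answer.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical helper: at most one live session per username, newest login wins.
// Register it as a <listener> in web.xml so sessionDestroyed() is invoked.
public class SingleSessionRegistry implements HttpSessionListener {
    static final String USER_ATTR = "authenticatedUser"; // assumed attribute name

    // username -> the one session currently allowed for that account
    private static final ConcurrentMap<String, HttpSession> ACTIVE =
            new ConcurrentHashMap<>();

    /** Call only after the username/password check has succeeded. */
    public static void register(String username, HttpSession session) {
        session.setAttribute(USER_ATTR, username);
        HttpSession previous = ACTIVE.put(username, session);
        if (previous != null && !previous.getId().equals(session.getId())) {
            try {
                previous.invalidate(); // ends the login held by the other browser
            } catch (IllegalStateException alreadyInvalid) {
                // the older session had already expired; nothing left to do
            }
        }
    }

    /** For the alternative policy: reject the new login with a message. */
    public static boolean isAlreadyLoggedIn(String username) {
        return ACTIVE.containsKey(username);
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // nothing to track until the user authenticates
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        HttpSession ended = se.getSession();
        Object user = ended.getAttribute(USER_ATTR);
        if (user != null) {
            // Drop the entry only if it still points at the session that ended,
            // so a newer login for the same account is not forgotten.
            ACTIVE.computeIfPresent((String) user,
                    (name, s) -> s.getId().equals(ended.getId()) ? null : s);
        }
    }
}
```

The map lives in one JVM, so a clustered deployment needs a shared store for the same bookkeeping. Without the sessionDestroyed() cleanup, the "user already logged-in" policy would lock out a user whose earlier session simply timed out.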