Preventing Duplicate User LogIN
How to prevent Duplicate User Login ? The First User's Session has to be killed.
How to do this ?
How to prevent duplicate posts?
http://forum.java.sun.com/thread.jspa?threadID=632857&tstart=0
Similar Messages
-
Prevent same user login more than twice in Online examination Application
Hello Every Body,
I want to prevent my user login more than twice in my application so what should i do?
If user login twice then third time he must not be able to login and must not be able to attend online exam..
Please somebody help me ....BalusC wrote:
Implement HttpSessionListener or HttpSessionAttributeListener and get hold of all logged in Users and its Sessions in a Map. During login just check in the Map if the User isn't already in there. If it isn't, then add it to the map. If it is, then disallow login (or better, invalidate the previous Session and replace it in the Map it with current login). During logout, remove the User from the Map. During destroy of the session, remove the User from the Map.+"I want to prevent my user login more than twice in my application so what should i do?+
+If user login twice then third time he must not be able to login and must not be able to attend online exam.."+
Well i'm afraid that would not solve cause the end user's requirement.To me end user actually wants to stop any user to login his application(for taking an exam) more that twice. He has not added a clause stating end user at the sametime. Therefore, it is up to end user clearly define what is actual requirement is. -
Any method to prevent a user login with 1 account, but several machines?
May I ask for your recommendations to prevent a user to login my application with his/her account through different computers?
Background information:
1. My application is developed with BC4J framework.
2. Login details: Once a user's is validated with their user id and password stored in a backend database table, he/she would be granted the right to use my application with a common connection account, as stated with the configuration details specified.
Here is my solution:
- When a user login my application, I'll lookup if there is any existing user record in a database table, let say, TBL_CURR_USERS. If no user record is found, the user will be granted the right of launching my applications and have a user record written down in the table TBL_CURR_USERS. If a user record is found, the user will receive an error message - "Your specified account is in use. You are not allowed to enter until your specified account has been logged off."
- Problem: My problem is - how to trigger the event for removing the record in the table TBL_CURR_USER when user logs out implicity or internet connection interrupts. Let say, when the user close the browser by clicking the 'X' icon, I have nothing to trigger my deletion for the user record in the TBL_CURR_USERS table. If so, in the long term, many users will not be able to use my application until housekeeping is done for the table TBL_CURR_USERS ... what should I do? Any Java solutions or JDeveloper solutions available?
Thanks for your replying!I had the same problem and I resolved in a different way. In the application server I have a Set in the context and I add a user when the login is successful and I remove it (I store the user even in the session) when the session expires (I have a session listener) or when the user explicitly logouts.
I don't need table and I don't need to do anything if the application server crashes.
If you don't use connection pooling you could use a logon trigger on the database.
I hope it helps,
Giovanni -
Hi there,
I wonder if there is any approach to prevent duplicate login to Weblogic
server using the same userID and password.(weblogic provided or programmatic
is OK). I tried to use a table to maintain the current active user
information, but when the user just quits the browser or the weblogic server
is shut down, this will not work because the flag still remain in the table.
Does anyone have try it before or know how to do it?
Thanks in advanced.
KenThanks for your reply.
Actually, I am now using the similar solution except that I place a static
field(a hashtable) in the class that implements the
HttpSessionBindingListener to record the current users rather than store the
information in database table. Thus when the application server shuts down,
I don't need to clear the dirty data in the table.
Ken
Andy <[email protected]> wrote in message
news:[email protected]...
>
i'm doing the same thing with an application. i've extended theAuthFilter class
and whenever a user logs into the application i insert a row into a"current users"
table. i also set an object into the user's session that implements theHttpSessionBindingListener.
when the session expires (either by the user by logging out or times outwithin
weblogic) the server calls my class that was inserted into the user'ssession
at which time i remove the row from the "current users" table.
hope this helps -
"Neil Smithline" <[email protected]> wrote:
I believe that due to the loose coupling of a web browser and the server
as
defined in the HTTP spec, there is no way to ensure that both sides have
an
identical concept of "logged in". Any solution you propose will have
errors
as you described below. The server just plain can't tell the difference
between a slow-to-respond user, a user who's browser has crashed, a user
who
is having network problems, etc... This is not a WLS specific problem,
it
is HTTP.
Neil Smithline
WLS Security Architect
BEA Systems
"Ken Hu" <[email protected]> wrote in message
news:[email protected]...
Hi there,
I wonder if there is any approach to prevent duplicate login to
Weblogic
server using the same userID and password.(weblogic provided orprogrammatic
is OK). I tried to use a table to maintain the current active user
information, but when the user just quits the browser or the weblogicserver
is shut down, this will not work because the flag still remain in thetable.
Does anyone have try it before or know how to do it?
Thanks in advanced.
Ken -
Prevent the same user login on multiple computers at the same time
prevent the same user login on multiple computers at the same time
Is there any way (currently running 2012 Servers) that we can prevent users from logging into multiple domain computers simultaneously with the same username?
We still want them to log into those computers, just not simultaneously?
LimitLogin utility not work in Windows 2012 server.
Thanks.
Babu
Unfortunately Windows has never offered this feature as a built-in feature, but there are several possibilities discussed in these articles:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/0103b5e7-0db5-4fb4-bfe7-d7132983880a/limit-concurrent-logins-on-a-ws-2008-environment
http://www.edugeek.net/forums/windows-server-2008-r2/61216-multiple-logins.html
http://windowsitpro.com/windows/prevent-multiple-logons-gpos
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
How can i prevent a user to login more than once at the same time ?
Supose there are a user , D .
and i am using thread and socket in the application.
once a user logined in , it will open a new socket .
Well , but D is trying to login twice at the same time ... and my thread is opening two socket for him .... , how can i prevent that ?
*thanks for help and sorry for my poor englishThanks for reply
ya ~ i've got a solution ~
actually i am doing a server for mobile phone to get data. Sometime 1 single ID will send twice a message (usually nokXX mobile phones) .. i use milli sec to check those message ....
n it seems working .... -
Hi there,
Please can anyone instruct me on how to set up Group Policy to clear down MRU lists and to clear or to prevent user login details for programs such as Remote Desktop from being recorded. Your help would be much appreciated.
Kind regards,
RocknRollTim
P.S. I was redirected by a forum user off the Microsoft Community forum.Hi RocknRollTim,
Agree with Jason. Using a script will be a better option.
Just addition, for history of RDP Connections, please open Registry Editor and follow the path:
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default. Please check if find MRU registry items where the name (or the IP address) of the terminal server is kept in.
Please also follow the path: HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers. It contains
the list of all RDC (remote desktop client) connections that have ever been established from this computer.
When expand Server folder and select a node, you will see the UsernameHint key that show the name of the user connected by rdp.
Please back up registry items to avoid unexpected issues before any operation.
If any update, please feel free to let us know.
Hope this helps.
Best regards,
Justin Gu
Thank you for responding back Justin Gu and I agree with both you and Jason Miller that a script can easily achieve this task. Thank you all for your help.
Many thanks,
RocknRollTim -
Preventing duplicate ilearning user accounts
We are using the self registration process in Oracle iLearning 5.0b1 and need to ensure that duplicate user accounts are not created. According to the iLearning Help the "username" is supposed to be unique and is part of the validation process but this out-of-the-box validation is not functioning properly. I am in the process of researching this issue on Oracle Support website.
Does anyone know where the validation code is for the username?
The client would like additional validation done on the first name, last name and email address.
Any ideas on the best way to do this validation would be greatly appreciated.
Thanks,
JCHi JC,
Usernames in iLearning are case sensitive, so if users create accounts with the same username but mixed case, these are treated as separate user accounts within the system.
The iLearning PLUS solution we offer our customers can perform additional validation checks such as the ones you describe prior to creating an account within iLearning. It can also be configured to utilize the user's email address as their username, force upper or lower case, require a validation by the user sent to their registered email address and more. There's also a user reconciliation feature available to administrators that allows you to merge duplicate accounts into a single account.
Feel free to contact me for more information if interested
Scott
http://www.seertechsolutions.com
[email protected] -
Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?
Hi all,
I'm running a site that requires user login. I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
However, I guess I never learned the correct way to handle a user login. It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number. Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
<cfset This.Sessionmanagement=true>
<cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
<cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
<cflocation url="../index.cfm" addtoken="no">
</cfif>
...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID. If not, all session variables are cleared and it bounces you back to the login page. When the user clicks Logout, all I do is delete all the session variables.
This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity. You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application). I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
SO: any reason you can think of why session variables would be spontaneously clearing for some people? Would having your router reset its IP address invalidate the session or something? Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
And on a more general note... did I go about this completely the wrong way to begin with? If so, what's the standard way to manage a login?
Lots of questions, I know... thanks very much for any answers or suggestions!
JoeIan,
Thanks very much - very helpful information.
Sounds like passing the tokens in every request is probably the way to go for this. I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
Is that all I would have to do, is add the tokens to every path? Would that guarantee that all the session variables would remain valid until timeout or being cleared?
Again, thanks, you've been really helpful.
Joe
On Jun 23, 2010 4:37 PM, Ian Skinner <[email protected]> wrote:
Unfortunately this is the nature of HTTP web applications. There is NO state maintained from HTTP request to request. This is by design in the HTTP protocol specifications.
ColdFusion provides two methods to circumvent this limitation. Each method has limitations and caveats. They both rely on the passing of tokens between the client and the server with every request. These tokens can be passed as cookies OR URL (GET) variables. You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method. If something happens to the cookies the session can be lost.
You could pass the (CFID & CFTOKEN) OR JESSIONID tokens through the URL query string with every request. This requires one to add these values to every link, form action, cflocation or other request path in our application. ColdFusion provides the session.urltoken variable to make this easier to do. The tokens will be visible to the user. Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case). Then that user will access the session of the original user.
Cookie session management is by far the most common choice by CF developers. If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications. One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server. Thus not suffer the stateless nature of the normal HTTP request-response cycle.
I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated. But I would not think it is beyond the relm of possibilities. -
I would like to prevent any user including admins from modifying a stored procedure
I would like to prevent any user including admins (apart from myself) from modifying a stored procedure.
I cant use encryption because i need people to be able to read the code, I cant use trigger because we arent able to add triggers to system tables.
Any ideas?You cannot prevent from the logins who are members of sysadmin role to modify stored procedures.
If you DENY ALTER SCHEMA then the user won't be able to issue any DDL changes (CREATE, ALTER, DROP) that affect objects in that schema
Best Regards,Uri Dimant SQL Server MVP,
http://sqlblog.com/blogs/uri_dimant/
MS SQL optimization: MS SQL Development and Optimization
MS SQL Consulting:
Large scale of database and data cleansing
Remote DBA Services:
Improves MS SQL Database Performance
SQL Server Integration Services:
Business Intelligence -
Limit a Windows 7 machine to 1 user login at a time
I've searched everywhere for a solution to this but have not found anything outside of restarting the machine.
I need to limit a Windows 7 computer to only allow one user logged in at a time. This machine has applications only allow one user to run them at a time. So if a user locks this machine and walks off and if the next user switches user and logs in, none of
the programs will work because the first user's session is now suspended.
Is there anything that will kick the suspended user off? So if a user forgets to log out and the screen is locked, the second user's login would force the first user to log off?I know this was 1.5 year ago, but people search the web for these solutions for years and for years these solutions continue to help others, but not when people are so very much OFF TRACK with what the OP asked for. It shouldn't surprise me, but it is astounding
at how people do not communicate well and instead of reading what the OP asked for carefully the proposed answer here does NOT address the OP's question... it got the "BREEZE BY ANSWER".
NOW - TO the OP Cherickson HERE's the BEST answer I've been able to determine on my OWN since ALLLLLLLLL of the other posts online I read ALSO were answered OFF TOPIC:
DISABLE FAST USER SWITCHING (speaking from a Windows 7 environment)
Here's the GPO to do it (Open Group Policy Management Editor on a DOMAIN or Active Directory server):
Default Domain Policy [ServerNameHere] > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
Set Hide entry points for Fast User Switching to Enabled.
FOR non-DOMAIN non-Group-Policy controlled PC's use "Local Group Policy Editor" via gpedit.msc
(NOT NOT NOT "Local Security Policy" via secpol.msc) and visit:
Local Computer Policy > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
Set Hide entry points for Fast User Switching to Enabled.
Now, to be "EXACTING" here, this does not "PREVENT" multiple users from logging into the same PC at one time "per say", but it ends up having that effect on "PEOPLE" because "PEOPLE" are very predictable
in a network environment and they aren't worried about saving PC resources for themselves or others... they just use the PC.
Setting Hide entry points for Fast User Switching to Enabled REMOVES the option for users to "SWITCH USER" while they are logged into Windows (fat client) and it also removes the "SWITCH USER" from the Welcome/Logon screen,
thereby forcing them to "LOG OFF" themselves (or whomever is logged in) manually and thereby then they are presented with an option to Log In using their own Windows user account. This is great, because it keeps the PC resources for just 1 logged
in user at a time instead of you being called to examine a slow PC only to find that the lazy users out there left 2 or 3 or MORE users logged in at once despite being told 100 times or more that they shouldn't do that. :) EXPERIENCE??? :)
Now, if you have an advanced user, doing things with other users logging in the background of their own user session (IE: RUN-AS on some shortcut lets say) then they should still be able to do all that jazz too even though Fast User Switching is turned off.....
but this is usually pretty unlikely and usually that would be someone amongst the IT staff.
So to summarize:
Set policy "Hide entry points for Fast User Switching" to Enabled in order to have only 1 user logged on any given PC "at one time" - IE: Prevent concurrent Windows user Logins
NOW.... I elect MYSELF and MY ANSWER as BEST ANSWER in this THREAD, because its the ONLY ANSWER that addresses the OP's request. -
Need advice on preventing duplicate entries in People table
Hi,
In my database, I have a "People" table where I store basic information about people e.g. PersonId, FirstName, LastName, Gender, etc.
There will be lots of entries made into this table and I want to prevent duplicate entries as much as humanly possible. I'd appreciate some pointers on what I should do to minimize duplicates.
My primary concerns are:
Duplicate entries for the same person using the person's full name vs. given name e.g. Mike Smith and Michael Smith
Making sure that two separate individuals with identical names do get entered into the table and get their unique PersonId's.
Not even sure how I can even possibly know if two individuals with identical names are two different people without having additional information but I wanted to ask the question anyway.
Thanks, SamThank you all very much for your responses.
There are three separate issues/points here.
It is clear that it is impossible to prevent duplicates using only a person's first, middle and last names. Once I rely on an additional piece of information, then things get "easier" though nothing is bullet proof. I felt that this was self evident but
wanted to ask the question anyway.
Second issue is "potential" duplicates where there are some variations in the name e.g. Mike vs Michael. I'd like a bit more advice on this. I assume I need to create a table to define variations of a name to catch potential duplicates.
The third point is what Celko brought up -- rather nicely too :-) I understand both his and Erland's points on this as typical relational DB designs usually create people/user tables based upon their context e.g. Employees, Customers, etc.
I fundamentally disagree with this approach -- though it is currently the norm in most commercial DB designs. The reason for that is that it actually creates duplicates and my point is to prevent them. I'm going for more of an object based approach in the DB
design where a person is a person regardless of the different roles he/she may play and I see no reason in repeating some of the information about the person e.g. repeating first, last name, gender, etc in both customer and employee tables.
I strongly believe that all the information that are directly related to a person should be kept in the People table and referenced in different business contexts as necessary.
For example, I assign every person a PersonId in the People table. I then use the PersonId as part of the primary key in the Customers or Employees table as well. Obviously, PersonId is also a foreign key in Customers and Employees tables. This prevents the
need for a separate CustomerId and allows me to centralize all the personal data in the People table.
In my opinion this has three advantages:
Prevent duplication of data
Allow global edits e.g. if the last name of a female employee changes, it is automatically updated for her within the context of "Customer" role she may play in the application.
Last but not least, data enrichment where a person may enter additional data about himself/herself in different contexts. For example, in the employee context, we may have the person's spouse information through "Emergency Contacts" which may come handy
within the context of customer for this person.
Having everyone in the People table gives me these three advantages.
Thanks, Sam -
I need to prevent unauthorized users from accessing the application pages
Hi^^,
I have created an application in jsp and servlets. It has several pages like manager, supervisor accountant. I need to prevent unauthorised users from accessing these pages. In other words I need to implement a filter. Anyone who types a url other than that of the login page needs to be blocked. However I am not able to conceptualize the code that is going to be inside the doFilter() method. Please help
Sincerely,
PrashantHi^^,
I admit that there were some mistakes in the previous posting. I have corrected the mistakes and now there is going to be no compile time error. However when i put in the login id and the password it is redirecting me to the login page. I think that the front end jsp is directing the control to the controller servlet. But as "YOU" have pointed out in your previous post,
"by default requestDispatcher.forward(...) does not pass through the filter change. If the user requests the login page from their browser however, then they will still get the error message, which may not be appropriate."
I feel we need to somehow make the code pass through the requestDispatcher.forward(...) method of the servlet.
I am again posting the corrected code.
package com;
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class SecurityFilter implements Filter
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException
HttpServletRequest req = (HttpServletRequest)request;
HttpServletResponse res = (HttpServletResponse)response;
String X = req.getRequestURI();
if(X.equals(http://localhost:8080/MyProject/LoginPage.jsp))
//writing code for passing through the filter
final class MyGenericFilter implements javax.servlet.Filter
public FilterConfig filterConfig;
public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain) throws java.io.IOExeption, javax.servlet.ServletException
chain.doFilter(request,response);
public void init(final FilterConfig filterConfig)
this.filterConfig = filterConfig;
public void destroy()
else
HttpSession session = req.getSession();
String username = (String)session.getAttribute("username");
if(null==username)
request.setAttribute("Error","Session has ended. Please login");
RequestDispatcher rd = request.getRequestDispatcher("Login.jsp");
rd.forward(request,response);
chain.doFilter(request,response);
else
RequestDispatcher rd = request.getRequestDispatcher("X");
rd.forward(request,response);
public void init(final FilterConfig filterConfig)throws ServletException
public void destroy()
Edited by: pksingh79 on Aug 12, 2008 5:23 AM -
Preventing Duplicate fields in forms
Hi,
We have a requirement of preventing the user entering duplicate fields.
For example
The user enters vendor number XXXX in the first record
and when he comes to second record or any subsequent record he should be prevented from entering XXXX.
ThanksHi there,
If the user is entering a 'new' record for a vendor and if the vendor number has to be unique, you should consider making the field a primary key and have the system generate the number (through a Sequence) rather than user-entered. This would avoid the 'problem' that is in question.
Regards,
John -
How do i prevent the user from entering a RETURN/ENTER key into their username?
Hello,
i am currently trying to make a login system where the
username will obviously enter their username.
I have made my user input box editable and set up variables
to accept the user input and store them into variables, along with
error prevention for blank fields.
However i cannot prevent the user from hitting the
"enter"/"return" key. When i hit "enter" the user input box box
gets larger as the type curser moves onto the next line and when
the username is stored in a variable it is stored as "theuser
RETURN" so when variable is passed to the next frame and is
recalled by another text box to display the username, the user name
has a carriage return.
I want to prevent this, anyone got any suggestions? or know
of any websites i can visit which will explain this to me nicely??
Thank yousuggestion:
don't make the edit field editable right from the start.
rather attach a behaviour to the field/text-sprite like:
property mySprite, myMember
on beginsprite me
Sprite = me.spritenum
-- this is the channel-number of the editbox
myMember = mySprite.member.number
-- this is the field/text-member
member(myMember).editable = FALSE
end beginsprite
on mouseup me
-- when i get clicked for editing, then set me editable
member(mymember).editable = TRUE
the keydownscript = "MyKeyhandler"
-- this sets the keyhandler to YOUR keyhandler, see below
end mouseup
You would then need to have YOUR keyhandler in any mociesript
and there you
would block any unwished key, while editing
on MyKeyhandler
case the key of
RETURN:
stopevent;
otherwise
pass;
end case
end MyKeyhandler
in the end you would attach a behaviour to any
"Submit"-button (this is the
one that "gets" the userinput" and performs further action
according to your
wishes and decisions)
on mouseup
the keydownscript = EMPTY
-- this resets to normal
user-ID = member("Whatever the number or name of your
editfield
is").text
member("Whatever the number or name of your editfield
is").editable
= FALSE
-- any further actions to make in your project
-- to get along with the entered User-ID
end mouseup
something like this, I guess
Peter
Maybe you are looking for
-
Does anyone know how to sync my email account which is on my iMac, my MacBook Air, and my iPhone with my new iPad that uses the Cloud. none of my other Apple devices can use the cloud. Please Help me use the same email account on my iPad!
-
GPU Acceleration In Premiere Pro CC
Do you have it when exporting via Adobe Media Encoder? I don't seem to. I ran some tests several weeks back which clearly showed that GPU acceleration was not working when exporting through AME, but worked fine when doing a direct Export. I ran the
-
if I change membership of a user in the enterprise portal the license does not adapt on the desktop application or web overview. I have tried changing group membership and changing the user. While changing the membership an error 500 returns at the t
-
hi While working on cProjects on IDEC server at client site, while setting up the dash borad following message appeared and now cProjects is not opening. Error: The URL http://ides.amgdom.com:8000/sap/bc/webdynpro/sap/cprojects/ was not called due to
-
I am getting the following message: Aug 29 08:20:04 MyBuiltMac installd[3657]: PackageKit: packages=(\n "PKLeopardPackage <file://localhost/Volumes/Xcode%20and%20iPhone%20SDK/Packages/DeveloperTools.pk g>",\n "PKLeopardPackage <file://localhost/Volum