You have to store user log-in and log-out related information in a database table, such as user name/id, session id, and whether the user is active or not.
So before logging any user into the application, check this user's active flag. If it is true, it means the user is currently accessing the application, so deny the user; if it is false, allow the user to access the application.
This is one approach, which we used in our last application. However, a different approach is possible for the same use case.
But one baseline is common: you need to maintain user log-in and log-out information.
Prateek's approach is the way to go. You must have some kind of fallback to reset the user login info, as otherwise you get calls from your users who can't log in because they are already logged in from the system's point of view, but really aren't, because they simply closed the browser and did not explicitly use the logout.
Thanks for your responses.
I have some questions.
1. How can I override ADF security (based on JAAS) credentials checking mechanism j_security_check?
2. How can I store users' log-in and log-out information in the database? Which classes and which methods must be overridden? Can you show a code sample of your realisation, please?
How can I check if user closed browser?
You can't check, as the application doesn't get an event in this case. That is the reason I noted it in the thread!
You have to implement some kind of fallback, like a special workflow which can delete the confusing information from the DB (e.g. make the user as if he has not logged in).
+1. How can I override ADF security (based on JAAS) credentials checking mechanism j_security_check?+
Why do you want to override this?
+2. How can I store users' log-in and log-out information in the database? Which classes and which methods must be overridden? Can you show a code sample of your realisation, please?+
Authentication is not handled by ADF but by WebLogic Server. If you want to track database login information, you will need to write a custom JAAS Login Module and configure it as an authentication provider in WLS.
+How can I check if user closed browser?+
I would use a temporary cookie with no lifetime. This way, when the browser is closed, the cookie is unavailable, indicating that the user is good to log in again. However, this then allows users to start 2 sessions using different browsers (again, something you would need to check).
1. I need to check whether the user is already logged in or not before j_security_check.
2. I am using ADF security based on JAAS. Authentication is based on a database credentials table; the WLS SQL auth provider is configured, too. I meant to store users' log-in and log-out information.
3. How can I check cookie info on the server side?
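
The active-flag check and the stale-login fallback discussed in this thread can be sketched as follows. This is an added example, not code from any poster: the class name `SingleSessionRegistry`, the 30-minute idle limit, and the in-memory map standing in for the database table are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: in-memory stand-in for the login table (user id -> active session).
public class SingleSessionRegistry {
    // One row per logged-in user; no row means the "active" flag is false.
    record Entry(String sessionId, Instant lastSeen) {}

    private final Map<String, Entry> active = new ConcurrentHashMap<>();
    private final Duration idleLimit; // assumed fallback: rows idle this long count as logged out

    public SingleSessionRegistry(Duration idleLimit) { this.idleLimit = idleLimit; }

    // Atomic check-and-set, so two simultaneous logins cannot both pass the check.
    public boolean tryLogin(String userId, String sessionId, Instant now) {
        Entry result = active.compute(userId, (u, cur) -> {
            boolean stale = cur != null && cur.lastSeen().plus(idleLimit).isBefore(now);
            return (cur == null || stale) ? new Entry(sessionId, now) : cur;
        });
        return result.sessionId().equals(sessionId);
    }

    // Called on each authenticated request; keeps a live session from going stale.
    public void touch(String userId, String sessionId, Instant now) {
        active.computeIfPresent(userId, (u, cur) ->
            cur.sessionId().equals(sessionId) ? new Entry(sessionId, now) : cur);
    }

    // Explicit logout: only the owning session may clear the row.
    public void logout(String userId, String sessionId) {
        active.computeIfPresent(userId, (u, cur) ->
            cur.sessionId().equals(sessionId) ? null : cur);
    }

    public static void main(String[] args) {
        SingleSessionRegistry reg = new SingleSessionRegistry(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2024-01-01T09:00:00Z"); // constructed timestamps
        System.out.println("first login:    " + reg.tryLogin("alice", "s1", t0));
        System.out.println("second browser: " + reg.tryLogin("alice", "s2", t0.plusSeconds(60)));
        // Browser closed without logout: no touch() arrives, so the row goes stale.
        System.out.println("after idle:     " + reg.tryLogin("alice", "s3", t0.plusSeconds(3600)));
        reg.logout("alice", "s3");
        System.out.println("after logout:   " + reg.tryLogin("alice", "s4", t0.plusSeconds(3700)));
    }
}
```

With a real table, the same check-and-set would be one conditional UPDATE or INSERT inside a transaction, so the check and the write cannot be interleaved by a second login attempt.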