For an account only one person can log in at the same time, it can be achieved by the following methods:
1 . When the user logs in, add the user to an ArrayList
2 . Check if the user exists in the ArrayList when logging in again, and prevent the user from logging in if the user already exists in the ArrayList
3. When the user logs out, the user needs to be removed from the ArrayList, which is divided into three cases
①Use the logout button to log out normally
②Click the browser close button or use Alt+F4 to exit, you can use javascript to capture the page close event,
Execute a java method to delete users in ArrayList
③ Abnormal exit, such as client system crash or sudden shutdown, can be solved by deleting the user corresponding to the session when the session is inactive for a period of time, so that the user can log in normally after waiting for a period of time.
Defined in LoginAction:
// 用来在服务器端存储登录的所有帐号
public static List logonAccounts;
login() 登录方法中:
// 设置session不活动时间为30分
request.getSession().setMaxInactiveInterval(60*30);
if(logonAccounts==null){
logonAccounts = new ArrayList();
}
// 查看ArrayList中有没有该用户
for (int i = 0; i < logonAccounts.size(); i++) {
Account existAccount = (Account)logonAccounts.get(i);
if(account.getAccountId().equals(existAccount.getAccountId())){
return "denied";
}
}
// 在用户登录时,把sessionId添加到一个account对象中
// 在后面 ③ 需要根据此sessionId删除相应用户
account.setSessionId(request.getSession().getId());
// 该用户保存到ArrayList静态类变量中
logonAccounts.add(account);
return "login";
①Use the logout button to log out normally
In logout() exit method:
if(logonAccounts==null){
logonAccounts = new ArrayList();
}
// 删除ArrayList中的用户 ⑴
for (int i = 0; i < logonAccounts.size(); i++) {
Account existAccount = (Account)logonAccounts.get(i);
if(account.getAccountId().equals(existAccount.getAccountId())){
logonAccounts.remove(account);
}
}
②Click the browser close button or exit with Alt+F4:
Pop up a window in the background, delete the user in the ArrayList in the popup
function window.onbeforeunload(){
// 是否通过关闭按钮或者用Alt+F4退出
// 如果为刷新触发onbeforeunload事件,下面if语句不执行
if (event.clientX>document.body.clientWidth && event.clientY<0||event.altKey){
window.open('accountUnbound.jsp','',
'height=0,width=0,top=10000,left=10000')
}
}
accountUnbound.jsp : remove users from ArrayList in popup
<%
Account account = (Account) request.getSession().getAttribute("account");
if(account != null){
if(LoginAction.logonAccounts==null){
LoginAction.logonAccounts = new ArrayList();
}
// 删除ArrayList中的用户——下面代码和上面的 ⑴ 处一样
for (int i = 0; i < logonAccounts.size(); i++) {
Account existAccount = (Account)logonAccounts.get(i);
if(account.getAccountId().equals(existAccount.getAccountId())){
logonAccounts.remove(account);
}
}
}
%>
In order to ensure that the above code can be executed, close this popup window after 3 seconds (also located in accountUnbound.jsp)
<script>
setTimeout("closeWindow();",3000);
function closeWindow(){
window.close();
}
</script>
③ Make the LoginAction implement implements HttpSessionListener, and implement the sessionCreated, sessionDestroyed methods, and delete the users in the ArrayList in sessionDestroyed (this method is executed if the user is inactive for more than 30 minutes)
public void sessionDestroyed(HttpSessionEvent event) {
// 取得不活动时的sessionId,并根据其删除相应logonAccounts中的用户
String sessionId = event.getSession().getId();
for (int i = 0; i < logonAccounts.size(); i++) {
Account existAccount = (Account)logonAccounts.get(i);
if(account.getSessionId().equals(existAccount.getSessionId())){
logonAccounts.remove(account);
}
}
}
Note:
For the above, because the pop-up window is easily blocked by the firewall or security software, the pop-up window cannot be popped up, so that you cannot log in for a short time. In this case, you can use AJAX to replace the pop-up window, and also execute the code to delete the user in the background, but No firewall restrictions:
<script>
// <![CDATA[
var http_request = false;
function makeRequest(url) {
http_request = false;
if (window.XMLHttpRequest) { // Mozilla, Safari,...
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType('text/xml');
}
} else if (window.ActiveXObject) { // IE
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {
}
}
}
if (!http_request) {
alert('Giving up :( Cannot create an XMLHTTP instance');
return false;
}
http_request.onreadystatechange = alertContents;
http_request.open('GET', url, true);
http_request.send(null);
}
function alertContents() {
if (http_request.readyState == 4) {
if (http_request.status == 200) {
window.close();
} else {
alert('There was a problem with the request.');
}
}
}
function window. onbeforeunload() {
makeRequest ('accountUnbound.jsp');
}
//]]>
</script>
For the above ajax code, there are many detailed explanations on the Internet. Adding it to the onbeforeunload() browser closing event, the effect of executing the code in the background is very good, and there is no need to worry about the problem that the pop-up window is sometimes invalid.
After using this code, the js code for closing the pop-up window window.close(); in accountUnbound.jsp in ② above is not needed.