lock logged in user in oracle by java

You need to manage a map of logged in users, Map<String, String> userToSessionIdMap when user logs in you check if there is any session exist for this user name if yes deny else allow login,

Now on logout you need to remove the entry from map, also you need to implement HttpSessionBindingListener so when session expires it removes the entry again

Also See

• prevent multiple login using the same user name and password
• Preventing multiple login

Let the database do it's own job!

(This solution assumes that you can get help from DBAs; or you have SYSDBA access to the database.)

First create a profile that allows only 1 session per user:

CREATE PROFILE single_session_profile       LIMIT SESSIONS_PER_USER 1;

Then create the user with the right profile or alter an existing user to use the profile:

CREATE USER user_a       IDENTIFIED BY user_id       DEFAULT TABLESPACE users       TEMPORARY TABLESPACE temp       QUOTA UNLIMITED ON users       PROFILE single_session_profile;

or

ALTER  USER user_a       PROFILE single_session_profile;

Finally, the database needs to be observe these limits:

ALTER  SYSTEM SET RESOURCE_LIMIT = TRUE SCOPE = MEMORY;

(SCOPE = MEMORY enables limit enforcement for the currently running database instance; if you want to make it persistent, i.e. enabled after a database restart, you need to use SCOPE = BOTH where BOTH means both MEMORY and SPFILE, i.e. DB initialization file. If the database does not use the new SPFILE format, but the old PFILE (init.ora), then you need to add the RESOURCE_LIMIT setting to the init.ora and restart the database.)

That's it. If a user_a tries to log in twice, it will get:

ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit