lock logged in user in oracle by java
You need to manage a map of logged in users, Map<String, String> userToSessionIdMap
when user logs in you check if there is any session exist for this user name if yes deny else allow login,
Now on logout you need to remove the entry from map, also you need to implement HttpSessionBindingListener
so when session expires it removes the entry again
Also See
Let the database do it's own job!
(This solution assumes that you can get help from DBAs; or you have SYSDBA access to the database.)
First create a profile that allows only 1 session per user:
CREATE PROFILE single_session_profile LIMIT SESSIONS_PER_USER 1;
Then create the user with the right profile or alter an existing user to use the profile:
CREATE USER user_a IDENTIFIED BY user_id DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp QUOTA UNLIMITED ON users PROFILE single_session_profile;
or
ALTER USER user_a PROFILE single_session_profile;
Finally, the database needs to be observe these limits:
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE SCOPE = MEMORY;
(SCOPE = MEMORY
enables limit enforcement for the currently running database instance; if you want to make it persistent, i.e. enabled after a database restart, you need to use SCOPE = BOTH
where BOTH
means both MEMORY
and SPFILE
, i.e. DB initialization file. If the database does not use the new SPFILE
format, but the old PFILE
(init.ora
), then you need to add the RESOURCE_LIMIT
setting to the init.ora
and restart the database.)
That's it. If a user_a
tries to log in twice, it will get:
ORA-02391: exceeded simultaneous SESSIONS_PER_USER limit