Maximum number of user for a web application

In my web application i need to restrict the maximum number of user accessing my web application.The no of users are configured in a separate properties file.I have created a HttpSessionListener interface to track different users but the problem am facing is that one user can request using multiple instances of browser and the number of users gets increased by 1 even though the same user w开发者_运维知识库ith different browser instance.i need to count the users based on different IP address or some other unique parameter.

A possibility could be to use session cookies - if the new connected user doesn't have a session cookie, give them one and increment your counter, otherwise don't increment the counter.

You cannot know if the same user is using different user instances as well as you cannot know if a user is using two different computers and so on.

You could restrict the maximum allowed number of open sessions per user, but note that a cookie is only a serial number that could be injected in another instance of a browser as a header. If the user is behind the same subnetwork, you couldn't even distinguish that case with it's IP address.

I mean, whatever reaches the realm of the client side, is by no chance under your control. So, I'm quite sure that although you could possibly add some obstacles, you will never be able to control that.

Anyway, here are some obstacles:

• Restrict login to only one.
• Session cookies, domain cookies, hidden input text box.
• A java applet that does something weird (like obtaining the local IP address behind a subnetwork or other information, if allowed).
• A flash program that does something weird.
• Tracking of the remote IP address.
• A combination of the previous.

Hide your webapp behind an user login form and restrict based on the amount of logged-in users.

This is a real problem not only for you.

For example "Quality Center" from HP works like that: they count the number of current active logins. If the limit of simultaneous logins is reach, you can't logged in with a new login.

That works pretty well.

But, if you use a login that is allready connected, you can use the application. So two users that use the same login can work in the same time.

Still a good solution a think and not too complicated to develop.

This has to be the craziest problem I've ever come across, and the topping on the cake is

I have created a HttpSessionListener interface to track different users but the problem am facing is that one user can request using multiple instances of browser and the number of users gets increased by 1 even though the same user with different browser instanc

Seriously?? Who even came up with the requirements. The problem you need to solve is the crazy requirement, and seriously, dont implement crazy things just because a BA got confused and didnt do their job.