cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Prevent multiple logins of the same user in portal

Go to solution
saurabh_vakil
Active Contributor

on ‎12-20-2010 10:06 AM

0 Kudos

Hi Experts,

I have a requirement wherein I am needed to ensure that whenever a user tries to login to the portal, I should check whether this user already has a session active. If yes, I should not allow this user to login again. As in this user should not be able to login by opening a new browser window or by trying to login from some other system.

However if there are no existing sessions for this user then allow her/him to log in.

Is there any way I can achieve this by changing any parameters in Visual Admin / Config Tool or do I have to implement this functionality by making modifications in the masthead .par file?

Best Regards,

Saurabh Vakil.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

shreyas_pandya
Contributor
‎01-11-2011 11:13 AM
0 Kudos

Dear Saurabh,

I have got confirmation from SAP on this.

Due to technical reasons this is not possible. As HTTP is a stateless

protocol, the server has no control over the user session. In fact the

server does never know whether the user is still logged on or not.

Hence it is not possible to avoid multiple logons.

Regards,

Shreyas Pandya

Show replies
Show replies
saurabh_vakil
Active Contributor
‎01-11-2011 11:24 AM
0 Kudos

Hi Shreyas,

Thanks a lot for your reply.

Regards,

Saurabh

Former Member
‎09-22-2011 6:18 AM
0 Kudos

Hi Shreya,

Could you please share the confirmation which you got from SAP.

I am facing the same issue and i have to convince my client, Since they are very much sticked with their IT policy.

~Viswanathan

Former Member
‎01-13-2016 4:34 AM
0 Kudos

Hi Shreyas,

I am facing the same issue. Can you please share SAP's confirmation, perhaps a document? Appreciate your help. Thanks!

saurabh_vakil
Active Contributor
‎01-13-2016 5:38 AM
0 Kudos

Hi Marj,

We got below confirmation from SAP in the support incident we had raised. We don't have any document specifying the same.

Due to technical reasons this is not possible. As HTTP is a stateless

protocol, the server has no control over the user session. In fact the

server does never know whether the user is still logged on or not.

Hence it is not possible to avoid multiple logons.

Regards,

Saurabh

Former Member
‎01-13-2016 6:15 AM
0 Kudos

Hello Saurabh,

You may check SAP Note 2052515 - Multiple logins for the same user on the Enterprise Portal for reference

Answers (2)

Answers (2)

former_member218672
Active Contributor
‎12-20-2010 12:20 PM
0 Kudos

Hi Saurabh,

you can do this by modifing the headerIview.jsp by using session variables.

when a user logs into portal you have to keep his details in a session and check them everytime when he tries to login again.if it is not the first time then throw and error message

you need to change the par file. code will be something like this

session.setAttribute("user",request.getUser());

if(session.getAttribute("user")!=null)

And for preventing from backend -

By changing the parameter - login/disable_multi_gui_login you can do this.

Check below sap link - http://help.sap.com/saphelp_erp2004/helpdata/en/22/41c43ac23cef2fe10000000a114084/frameset.htm

Regards,

Sen

Edited by: prodyut kumar sen on Dec 20, 2010 1:22 PM

Show replies
Show replies
hofmann
Active Contributor
‎12-20-2010 1:54 PM
0 Kudos

The session used needs to be global. Using a session with scope HTTP Session or local server node won't work. The code also cannot simply check if the userID is in the session or not, as the user can close the browser without doing a logoff.

br,

Tobias

saurabh_vakil
Active Contributor
‎12-21-2010 5:11 AM
0 Kudos

So will simply making the above mentioned changes in headerview.jsp file of the masthead par work or do I have to write a custom login module for the same?

Regards,

Saurabh.

Former Member
‎12-21-2010 6:35 AM
0 Kudos

Hi,

You can code as suggested by Prodyut, but i think this code wont give desired output on portal environment where there are multiple server node. I am not sure experts please provide your comments on this.

Regards,

Jigar Oza

Former Member
‎12-20-2010 10:21 AM
0 Kudos

Hello,

Please refer to this blog [How to Limit the Number of Users Logged on to your Portal / WAS|http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/5420] [original link is broken];.

Regards

Puneet

Show replies
Show replies
hofmann
Active Contributor
‎12-20-2010 11:48 AM
0 Kudos

The blog you posted is about limiting the overall number of logged on users (ex: limit: 500 users) and sadly not about how to prevent that 1 user logs on 2 or more times.

If this isn't a feature recently introduced to the portal it is not possible by standard, and I'm not sure how to prevent this in a (clustered) portal environment: the UME is offering a logged on/off timestamp functionality:

setLastLogoutDate

getLastSuccessfulLogonDate

But when the user is simply closing the browser I doubt that this will work. I suggest that you code your own application that simply stores and updates the user ID on a regular basis - like 5 minutes - and your logon servlet checks if the logon is valid or not.

br,

Tobias

Ask a Question