I need to enforce that some users (that have a flag at true) can only have 1 active session. I mean, the users logs in 1 browser and can't login in another browser/computer.
I tried using my own loginmodule but the second time I login (in another browser) the loginmodule isn't used, it seems something is being cached...
From stackoverflow
-
If you use Spring Security, there is an option for concurrent session control. You would want only 1 session. There is an explanation of integrating Spring Security with JBoss.
AlfaTeK : thanks but I'm not using spring...CoverosGene : You can use Spring Security (previously known as Acegi Security) without using Spring. -
You just need an Application Scoped map of logged in users that you check when someone logs in. Store the session id and the user id.
Are you using a Framework? If so which one?
0 comments:
Post a Comment