Sunday, April 17, 2011

How can I enforce that a user is only logged in once in Jboss/J2EE?

I need to enforce that some users (that have a flag at true) can only have 1 active session. I mean, the users logs in 1 browser and can't login in another browser/computer.

I tried using my own loginmodule but the second time I login (in another browser) the loginmodule isn't used, it seems something is being cached...

From stackoverflow
  • If you use Spring Security, there is an option for concurrent session control. You would want only 1 session. There is an explanation of integrating Spring Security with JBoss.

    AlfaTeK : thanks but I'm not using spring...
    CoverosGene : You can use Spring Security (previously known as Acegi Security) without using Spring.
  • You just need an Application Scoped map of logged in users that you check when someone logs in. Store the session id and the user id.

    Are you using a Framework? If so which one?


Post a Comment