tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From QM <>
Subject Re: Single Login
Date Wed, 06 Oct 2004 23:52:01 GMT
On Wed, Oct 06, 2004 at 05:24:45PM -0600, Scott Smith wrote:
: We have a Tomcat 4.1.x application using a JDBCRealm to do
: authentication.  Is there a way to prevent the same login from being
: logged in multiple times simultaneously?

Just off the top of my head:

You could mix a Filter with a SessionListener and a custom per-user
tracking object.  The Filter and Listener both have access to a list of
issued tracker objects.

When the filter is triggered (it's mapped to URIs that require login) it
checks for the tracker.

- If the tracker is in the session, continue with the request.

- If the tracker isn't in the session, and it hasn't already been issued
  for that user, add it to the user's session.

- If the tracker has already been issued, short-circuit the request.
  (send tne user to an error page)

When the session expires, remove that user's tracker object from the

Wash, rinse, repeat.  =)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message