tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Rickard <>
Subject Re: Concurrent login detection - how?
Date Tue, 14 Jun 2005 16:53:14 GMT
Don't know if this is an optimum solution, but it should work:
Keep a List or Vector of IDs for active users in a shared, 
application-level object (probably ServletContext);
When someone logs in, search the List for the submitted ID: if not present, 
continue with login sequence; if present, kick them to the "duplicate 
login" page;
Remove IDs from the List when users log out (and add a 
ServletContextListener to catch people who leave the site without logging 
out--remove their IDs when their sessions time out);

At 09:22 AM 6/14/2005, you wrote:
>What is the best way to detect two people being logged in concurrently using
>the same account? This is one aspect of my efforts to restrict fraudulent
>access. Again, I don't want to use Acegi since it seems to break the rest of
>my app. So, what's the best way to do this 'traditionally'?
>To unsubscribe, e-mail:
>For additional commands, e-mail:


David Rickard
Software Engineer

Your Single Source Solution!
Los Angeles CA * York, PA * Boston,MA * New Delhi, India
Visit us on the World Wide Web 
5650 Jillson St., Los Angeles, CA 90040
(323) 888-8889 x331
(323) 888-1849 (Fax)

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message