Return-Path: Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org Received: (qmail 32676 invoked from network); 14 Jun 2005 18:37:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 14 Jun 2005 18:37:42 -0000 Received: (qmail 72852 invoked by uid 500); 14 Jun 2005 18:37:25 -0000 Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org Received: (qmail 72831 invoked by uid 500); 14 Jun 2005 18:37:25 -0000 Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Tomcat Users List" Reply-To: "Tomcat Users List" Delivered-To: mailing list tomcat-user@jakarta.apache.org Received: (qmail 72809 invoked by uid 99); 14 Jun 2005 18:37:25 -0000 X-ASF-Spam-Status: No, hits=0.1 required=10.0 tests=FORGED_RCVD_HELO X-Spam-Check-By: apache.org Received-SPF: neutral (hermes.apache.org: local policy) Received: from soda-2.dsl1.easynet.co.uk (HELO fanta.soda.co.uk) (212.135.162.2) by apache.org (qpsmtpd/0.28) with ESMTP; Tue, 14 Jun 2005 11:37:23 -0700 Received: from localhost (localhost.soda.co.uk [127.0.0.1]) by fanta.soda.co.uk (Postfix) with ESMTP id 96DAE23E8 for ; Tue, 14 Jun 2005 19:37:10 +0100 (BST) Received: from fanta.soda.co.uk ([127.0.0.1]) by localhost (fanta.soda.co.uk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 31003-09 for ; Tue, 14 Jun 2005 19:37:07 +0100 (BST) Received: from [192.168.1.150] (82-35-115-29.cable.ubr07.dals.blueyonder.co.uk [82.35.115.29]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by fanta.soda.co.uk (Postfix) with ESMTP id 0C14E22EC for ; Tue, 14 Jun 2005 19:37:06 +0100 (BST) Message-ID: <42AF23C5.70002@red56.co.uk> Date: Tue, 14 Jun 2005 19:36:53 +0100 From: Tim Diggins User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Concurrent login detection - how? References: <200506131601.57880.stalp@imbei.uni-mainz.de> <200506141452.54568.stalp@imbei.uni-mainz.de> <200506141529.44915.mailing-tomcat-user@schoenhaber.de> <200506141708.19129.stalp@imbei.uni-mainz.de> <00b801c570fd$462c1ca0$6701a8c0@caneda> <6.0.1.1.0.20050614094632.03f4c9f0@mail.techbooks.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at soda.co.uk X-Virus-Checked: Checked X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N And I presume you'd need to get/persist this java object to a database, if you fancied scaling beyond a single application server? (Or am I missing something?) Andre Van Klaveren wrote: > This will prevent users from having more than one session at a time > for sure. You would probably want to remove the id from the list when > a duplicate is detected to prevent users from having to wait for their > initial session to timeout in the event that they closed their browser > without properly logging out. You would also need to keep the session > id in this list so that you can invalidate the session that is related > to the id. > > This of course would drop the original session and in the event that > two people were using the same ID it would become a nuisence for the > first user to login (they would loose their session). > > You would want to make sure to log this event for auditing purpose as well. > > Did I miss anything? > --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org