tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fu-Tung Cheng <futung.ch...@yahoo.com>
Subject Invalidating a session when a user logs in
Date Tue, 22 Jul 2008 16:01:21 GMT
Hi,

When a user logs into the system he is given a session.  If that same user logs into the system
he is given another session - if the browser is different such that there is no cookie collision.

In this case I'd like to invalidate the original session on login.  

How can I accomplish this?

My first thoughts were to stored the sessionId with the username which I could then lookup
on login and if a session exist invalidate it.  Unfortunately the getSessionById seems to
have been deprecated in the api.  

Is my only option to store the session in with my user object?

Thanks,

Fu-Tung



      


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message