tomcat-users mailing list archives

From chris derham <ch...@derham.me.uk>
Subject Re: Strategy to prohibit concurrent users authenticated through Tomcat
Date Fri, 13 Jan 2012 09:09:44 GMT
>> I am using Tomcat 7.0.11 and use Form Authentication (via
>> j_security_check) to authenticate through the Tomcat server.
>> Currently, two users with the same username can log into my application
>> from two different computers and concurrently access the app.
>> Is there a way to prohibit a user from authenticating if a user with the
>> same username has previously authenticated and still has an active session?

We use spring security in a web app that is deployed in tomcat. It has
built in support for this - you can configure to either disallow subsequent
sessions, or kill the first session and allow subsequent sessions. This
should explain it better than I can
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/session-mgmt.html.
Don't know how big a task it would be for you to move to this, but it works
really well for us.

> If you provide a bit more information about what you are trying/need to do,
> someone may come up with a better idea.
> For example, what is the real problem - in your application - when two
> people at different computers login with the same user-id ?

+1

Chris
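
The two behaviours described in the reply above (reject the second login, or expire the first session), shown as an added Spring Security 3.0.x namespace configuration example that is not part of the original message. The URL pattern, role name and `/session-expired.html` page are constructed placeholders, and the fragments assume the security schema is the default XML namespace of the context file.

```xml
<!-- web.xml: publish session create/destroy events so Spring Security's
     session registry learns when a session ends. Without this listener a
     user who logs out or times out can stay counted against the limit
     and be locked out of logging in again. -->
<listener>
  <listener-class>
    org.springframework.security.web.session.HttpSessionEventPublisher
  </listener-class>
</listener>

<!-- Security context, option A: disallow subsequent sessions.
     A second login with the same username fails while the first
     session is still active. -->
<http auto-config="true">
  <!-- constructed placeholder rule -->
  <intercept-url pattern="/**" access="ROLE_USER" />
  <session-management>
    <concurrency-control max-sessions="1"
                         error-if-maximum-exceeded="true" />
  </session-management>
</http>

<!-- Security context, option B (use instead of A, not together):
     allow the new login and expire the older session. The next request
     on the expired session is redirected to expired-url. -->
<http auto-config="true">
  <!-- constructed placeholder rule -->
  <intercept-url pattern="/**" access="ROLE_USER" />
  <session-management>
    <concurrency-control max-sessions="1"
                         error-if-maximum-exceeded="false"
                         expired-url="/session-expired.html" />
  </session-management>
</http>
```

Option A trades availability for strictness: a user whose browser crashed stays locked out until the old session times out, so the session timeout in `web.xml` should be chosen with that in mind.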
