@nirjon1001 what you are askings isn't entirely trivial but seems to be doable theoretically. I would approach it in a following fashion:
1. implement an http session listener ([url=http://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpSessionListener.html]http session listener[/url]). Collect the live http session into a map/collection which you would access from other places later. 2. create a custom servlet filter which would kick in somewhere after the login filter. Upon that time you can be sure that you can try to get the security subject from the current session (can be accessed by the attr key "javax.security.auth.Subject" from the session itself or via MgnlContext#getSubject() iirc). Then you can iterate over the live sessions from the collection/map from step one and invalidate all the sessions whose Subject is the same as the current one, which will kick all the other browser sessions. Re: same/different machine cases - I don't think it matters, as far as app server is concerned that should be treated the same way. I hope this helps and good luck! -- sasha -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=c8a6b965-0931-49b3-b132-9b65387b2560 ---------------------------------------------------------------- For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com> ----------------------------------------------------------------