Try this. When person 1 logs in, use a filter to capture the credentials & store it in the ServletContext. This should remain in the ServletContext as long as person 1's session is valid. When person 1 logs out, call invalidate on HttpSession, set up a HttpSessonListener, that will call the ServletContext & remove the credientials from there.
If Person 1 tries to log in from another computer or another browser, while he is logged in , the filter checks to see if the credential exists in the ServletContext. If it exists there, it rejects the log in, else allows it to proceed through. Here we use the ServletContext, as it is shared across the whole application. You may try with the get the ServletContext from a method available in the FilterConfig View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190616#4190616 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190616 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user