Yes. The approach I mentioned will have to altered slightly. Add the HttpSessionId to ServletContext too. Check for the existence of both credential & sesion id. That means user is logged in & active. So if the same user tries to log in again, his credential will be same but sessionId will be different. So may be a combination of credential + sessionId may be a key / value in ServletContext. Check for this .
Also during log out clear this from ServletContext. Log out will call a HttpSession.Invalidate(), followed by a call to HttpSessionListener that will clear out the ServletContext entries. OR You may set up a ServletContextListener, that ensures that Credential/session id contract is unique. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190635#4190635 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4190635 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user
