Gokul Singh wrote:
>
> ----- Original Message -----
> From: "Hans Bergsten" <[EMAIL PROTECTED]>
>
> > > Gokul Singh wrote:
> > >
> > > Hans Bergsten wrote:
> > > > [...]
> > >
> > > I am trying to disallow a single user to have multiple login sessions
> > > valid at any given time. I have to enforce this even if the user tried
> > > to login from two different machines.
>
> A small addition here. The requirement is that the user be allowed to login
> by creating a new session on login request and invalidating any valid
> session that he may have at that time.
> To be more elaborate.
> 1. A user U logs in and has a session associated with him i.e. S1.
> 2. user U goes to another machine and tries to login.
> 3. The user U should get a new session S2 with S1 being invalidated.
>
> I hope the requirements are now clear.
Okay, that's very different ;-)
> [...]
> The requirement is that the user can login any no. of times he wants. But he
> should have only one valid session and that should be the session from the
> last successful login attempt as mentioned above.
>
> Can you please tell me if this is possible using 2.2 specs and tomcat 3.2.1
Probably not by basing it on the standard session mechanism, since
requests within one session can not access or invalidate another
session. Again, this would not be possible even if the same
HttpSession instance was kept throughout the session.
But I must admit that I find the requirement a bit strange, since to me
it
amounts to pretty much the same as allowing multiple concurrent logins
from the same user. Why does it matter if a user has more than one
session
active at the same time, on two different machines? What is it you want
to accomplish by only allowing one valid session at a time? Anyway, you
may have to look at a combination of a currentUsers list as a context
attribute and your own "session data store", also as a context
attribute,
or in a database or some other external storage facility.
> PS: I have joined this list today only. I am not sure if this posting is
> appropriate for this list or not.
> If it is inappropriate here, then please mail to me privately.
By now, this is off-topic for this list. So if you want to continue
the discussion, I suggest you mail me privately.
Hans
--
Hans Bergsten [EMAIL PROTECTED]
Gefion Software http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
