On Wed, Oct 06, 2004 at 05:24:45PM -0600, Scott Smith wrote: : We have a Tomcat 4.1.x application using a JDBCRealm to do : authentication. Is there a way to prevent the same login from being : logged in multiple times simultaneously?
Just off the top of my head: You could mix a Filter with a SessionListener and a custom per-user tracking object. The Filter and Listener both have access to a list of issued tracker objects. When the filter is triggered (it's mapped to URIs that require login) it checks for the tracker. - If the tracker is in the session, continue with the request. - If the tracker isn't in the session, and it hasn't already been issued for that user, add it to the user's session. - If the tracker has already been issued, short-circuit the request. (send tne user to an error page) When the session expires, remove that user's tracker object from the list. Wash, rinse, repeat. =) -QM --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
