Don't know if this is an optimum solution, but it should work:
Keep a List or Vector of IDs for active users in a shared,
application-level object (probably ServletContext);
When someone logs in, search the List for the submitted ID: if not present,
continue with login sequence; if present, kick them to the "duplicate
login" page;
Remove IDs from the List when users log out (and add a
ServletContextListener to catch people who leave the site without logging
out--remove their IDs when their sessions time out);
At 09:22 AM 6/14/2005, you wrote:
What is the best way to detect two people being logged in concurrently using
the same account? This is one aspect of my efforts to restrict fraudulent
access. Again, I don't want to use Acegi since it seems to break the rest of
my app. So, what's the best way to do this 'traditionally'?
Thanks!
Michael
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
David Rickard
Software Engineer
TechBooks/GTS
Your Single Source Solution!
Los Angeles CA * York, PA * Boston,MA * New Delhi, India
Visit us on the World Wide Web
<http://www.techbooks.com>http://www.techbooks.com
[EMAIL PROTECTED]
5650 Jillson St., Los Angeles, CA 90040
(323) 888-8889 x331
(323) 888-1849 (Fax)