David Rickard wrote:
Don't know if this is an optimum solution, but it should work:
Keep a List or Vector of IDs for active users in a shared,
application-level object (probably ServletContext);
When someone logs in, search the List for the submitted ID: if not
present, continue with login sequence; if present, kick them to the
"duplicate login" page;
Remove IDs from the List when users log out (and add a
ServletContextListener to catch people who leave the site without
logging out--remove their IDs when their sessions time out);
This is definitely a correct approach, but it has onw shortcoming.
Suppose one user opens up a session (logs in) and his/her browser dies.
The user opens another browser and tries to login, only to be kicked to
"duplicate user" page. I think in this case, the original poster should
have a vector or a hash map of user names and remote machine names/IPs.
Nix.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]