The problem is AFAIK, that you cannot access the list of all sessions through the servlet-api. That feature was in the servlet-api at some time, but was removed, IIRC due to security issues.
If you have a list of all sessions, you can easily iterate over them at login and manually expire all old sessions for the same user. => Max. one active session per user. > -----Ursprüngliche Nachricht----- > Von: Leon Rosenberg [mailto:[EMAIL PROTECTED] > Gesendet: Donnerstag, 6. Oktober 2005 16:11 > An: Tomcat Users List > Betreff: Re: custom session manager > > > Sorry, aber how exactly does it solves the problem of having one > session per user? :-) > > > > On 10/6/05, Tobias Meyer <[EMAIL PROTECTED]> wrote: > > > -----Ursprüngliche Nachricht----- > > > Von: Leon Rosenberg [mailto:[EMAIL PROTECTED] > > > Gesendet: Donnerstag, 6. Oktober 2005 11:20 > > > An: Tomcat Users List > > > Betreff: Re: custom session manager > > > > > > > > > On 10/6/05, Tobias Meyer <[EMAIL PROTECTED]> wrote: > > > > > > > > Or, cou could add a static hashmap to your Servlet (or a > > > bean if using JSPs) > > > > where you simply add the sessions with every request. You > > > would have to put > > > > an attribute implementing > > > javax.servlet.http.HttpSessionActivationListener > > > > in each session though, that removes the session from your > > > hashmap when the > > > > session is expired or you will end up with having many > > > invalid entries in > > > > your hashmap. (And I don't even know what happens if you > > > keep the references > > > > to those Session objects when they are recycled by tomcat) > > > > We do this to keep track of our sessions within the application. > > > > > > If you keep your sessions in a hashmap forever they will never be > > > freed by the garbage collector and you will end with an > outofmemory > > > error one day. > > > > That's why I said you need one Attribute that implements the > > HttpSessionActivationListener, which, on second thought , > was wrong - you > > need to implement HttpSessionBindingListener. > > > > The Method > > > > public void valueUnbound(HttpSessionBindingEvent event) > > > > will get called automatically when the session expires, and > you can add code > > that removes the session from the hashmap. > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
