Be warned though, it may be a nightmare to maintain the list, depending on your type of app (mine's AJAX based), because the session can expire, the user closes the browser tab/window, logs out... there are a number of situations where you have to catch the user session expiry or must-invalidate-session situations and remove the user from that list too. Make sure you test all possible situations
-- View this message in context: http://shiro-user.582556.n2.nabble.com/How-to-know-if-a-user-is-already-authenticated-tp7437178p7512763.html Sent from the Shiro User mailing list archive at Nabble.com.
