This is not built in to Shiro at the moment. Your best bet is to use Shiro's native session management and use a queryable session data store. Then, when a user request comes in, you can query the session data store and see if they have any existing sessions. If so, deny the request.
HTH, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Fri, Sep 27, 2013 at 3:09 AM, gurjant singh <[email protected]>wrote: > > Hi, > > > I have to allow a user to login only form on device at time and has to >> expire or invalidate the other sessions of that user if he has logged in >> from other devices/browsers. How can we do this in apache shiro. Please >> help me. >> >> Thanks, >> >> -Bunty >> >> >> > >
