I have an option - not sure if it the best...
I am not using Subject caching and have no clue about it's workings... so
you might need to duplicate the below for that cache also:
Just make sure you delete a session cache before creating another for a
subject - i.e. implement the Session cache yourself and before every put do
get-by-subject and remove
put(newSessionId) {
[...]
oldSessionId = get_session_id_by_user();
[...]
remove(oldSessionId)
[..]
actual_put(newSessionId)
}
There is a lot more of trickery here (e.g. if you let Shiro handle the cache
- you wont be able to get the subject by the usual was and will need to
append it to the thread, or remove Shiro's auto cache handling), but this
will surely work (just note that sidetracking from Shiro's main road leads
to headaches - so come prepared).
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/How-to-prevent-user-multiple-login-tp7580411p7580412.html
Sent from the Shiro User mailing list archive at Nabble.com.
