Laurie Harper wrote:
If you have a separate 'login' page (as opposed to having a login form on each page) you might be able to get away with invalidating the session when that page is shown, with the caveat that logged in users would implicitly be logged out if they visit that page.
And in the case where there's not a separate login page you could add an interceptor that's only in the stack of your login form, which invalidates the session. That way it's impossible for someone to get to the point where they'll be logging in while already logged in.
-Dale --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
