The problem will be: (1)How to save the information about who is logged in from which session.
and (2)How to check this information before every action execution For problem 1, if you only have one app server, you can save this information in global variable, if you need support multi app servers, you can save it into DB. The data structure should like Map<UserID, SessionID> (in global variable) or TABLE (UserID VARCHAR, SessionID VARCHAR) (in DB) For problem 2, you are right, Interceptor will be a good choice. I think the whole architecture should likes: (1)After user login, save the logged in status into global variable or DB, and into current session. (2)Before every action execution, extract logged in user id from current session, and then check the global variable or DB, see if this user is logged in from the same session. If the same user is logged in from some session else, this means he/she has re-logged in from somewhere else, so you can remove the logged in status from current session, and then force the user login again. For example: (1)UserA, logged in from ComputerA. Let's say the session is SessionA. So in SessionA, the logged in user ID will be UserA. And in the global variable or DB, UserA will be marked "logged in from SessionA" (2)When the same user login from ComputerB. Let's say SessionB. In SessionB, the logged in user ID will be UserA. And in the global variable or DB, the logged in status of UserA will be overwritten by "logged in from SessionB" (3)Request any page again from ComputerA. The Interceptor can extract the logged in user id (which will be UserA) from current Session (which will be SessionA). And extract the logged in status from global variable or DB, which will be "logged in from SessionB", and different from current session. So the Interceptor can say, UserA has re-logged in from some where else. --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
