-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
An archives search yielded me nothing. I must be phrasing my query in
an incorrect, non-jargon manner.
I suppose the _easiest_ way would be to use a persistent database to
keep track of the users logged in, and use an HttpSessionListener to log
users out when their session either get invalidated (normal logout), or
expire (timed logout). If you can think of a smarter way, I'm all
ears/eyes.
Thanks,
Dale.
Christopher Schultz wrote:
> Dale Nesbitt wrote:
>> Is there a way to enforce that a given username can only have one valid
>> session at a time?
>
> Yes, but I'd imagine the question you're really asking is "is there an
> /easy/ way to enforce..." or, perhaps "a standard way". The answer to
> both of these is "no".
>
> You basically have to roll your own login-restriction mechanism. This
> question has been asked several times on the list. Try looking around
> the archives for the past discussions... we usually tell people that
> it's possible but a real PITA to do.
- ---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
- --
Dale Nesbitt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG8nANC1ww7auTZ7URAmWNAKCej9D9UohnJgXYdOiQFujyjdbYiQCfQCIW
Nm3drK9lbAWby1IzKKpah00=
=zjwS
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
