-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dale,
Dale Nesbitt wrote: > An archives search yielded me nothing. I must be phrasing my query in > an incorrect, non-jargon manner. Perhaps. I know it's been discussed, but I honestly can't suggest any good search strings. ;) > I suppose the _easiest_ way would be to use a persistent database to > keep track of the users logged in, and use an HttpSessionListener to log > users out when their session either get invalidated (normal logout), or > expire (timed logout). Don't forget that your database might end up collecting data over time for sessions never properly cleaned-up. For instance, if one of your servers dies, all those sessions will never be purged from the database. It's inconvenient when you lock out a lot of users because one of your servers went down. Also, if you aren't using cookies (or even if you are, but still use direct-login capabilities) then it's possible users will close a browser window and then attempt to re-login (even they do not have to), thus severing their relationship with their existing session. In this case, your users will have to wait for the session to time out on the server side before they can login again. Any particular reason to limit to one-session-per-user? I'm always curious about these kinds of requirements... - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8//p9CaO5/Lv0PARAnOcAKCdGCSbfbumx2b5C2MoiQvyDgdGSQCfeDhk Q8iR8WI+14Mx8n0Cg2Xuvt4= =oj60 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]