Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

problem with sessions

 
Soni Prasad
Ranch Hand
Posts: 97
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I expire previous session on some terminal while same person is logging in from another terminal. I mean if somebody is loggedin on a site from some terminal and then he tries to login from another terminal, I want to invalidate his old login session with some message on that terminal, so that at a time he can have only one active session. How can I?

thanx in advance,
soni.
[ September 29, 2005: Message edited by: Soni Prasad ]
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess it would be difficult to achieve with declarative authentication. The server tries to authenticate someone only base on whether constrained resource is accessed or not - not whether he/she has an active session.

Practically, I guess most of the solutions are based on implementing our own authentication scheme at the application level. In this case, we can do whatever we like e.g. when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.
 
Soni Prasad
Ranch Hand
Posts: 97
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.


Thanks alot for your reply... Now can you please tell me how to get all the existing sessions and invalidate them on creation of a new session. I am using FORM based authentication in JAAS and using jboss4.0.0.

soni.
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A suggestion is first to create a HttpSessionListener which put all created sessions into a ServletContext attribute. Then you can scan thru all session objects from any servlet you like (beware of security loophole) by going thru that ServletContext attribute.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic