How can I expire previous session on some terminal while same person is logging in from another terminal. I mean if somebody is loggedin on a site from some terminal and then he tries to login from another terminal, I want to invalidate his old login session with some message on that terminal, so that at a time he can have only one active session. How can I?
thanx in advance, soni. [ September 29, 2005: Message edited by: Soni Prasad ]
I guess it would be difficult to achieve with declarative authentication. The server tries to authenticate someone only base on whether constrained resource is accessed or not - not whether he/she has an active session.
Practically, I guess most of the solutions are based on implementing our own authentication scheme at the application level. In this case, we can do whatever we like e.g. when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.
Joined: Mar 09, 2005
when one try to login, i.e. create a new HttpSessioin we just invalidate all existing sessions storing the same username.
Thanks alot for your reply... Now can you please tell me how to get all the existing sessions and invalidate them on creation of a new session. I am using FORM based authentication in JAAS and using jboss4.0.0.
Joined: Jan 28, 2004
A suggestion is first to create a HttpSessionListener which put all created sessions into a ServletContext attribute. Then you can scan thru all session objects from any servlet you like (beware of security loophole) by going thru that ServletContext attribute.