File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Same user in different machines Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Same user in different machines" Watch "Same user in different machines" New topic

Same user in different machines

Gabriel Ozeas
Ranch Hand

Joined: Jul 04, 2008
Posts: 30

Hi folks,

I'm trying to limitate just one "session per user" simultaneously in a portal using login modules. I create a login module that persist the username in a data source.

I'm using the UsersRolesLoginModule and my login module in the configuration.


When i log in the user with one brower, OK, it work. But when i try to login in the second brower to test, the login modules ARE NOT EXECUTED, bu the user is authenticated . No logs (neither in trace) in the server (i'm using jboss).

Maybe i could not understand the life cycle from the JAAS.

Can someone help me?

Arshad Noor
Ranch Hand

Joined: Oct 06, 2011
Posts: 34
If the second browser happens to just be another window or tab of the same browser session, then the behavior is correct. The browser already knows the session cookie and has sent it to the web-server in the HTTP headers. As such, the server - after verifying the validity of the cookie - will not run the login module again.

If the second browser is a completely different browser - such as Chrome when the first browser is Firefox - then you'll need to investigate some more. Even though the source IP address is the same, Chrome and FF should be using different outbound socket ports to communicate with the web-server, and therefore, the web server should count these as completely two different connections.

Arshad Noor
StrongAuth, Inc.
Gabriel Ozeas
Ranch Hand

Joined: Jul 04, 2008
Posts: 30

Hi Arshad,

I resolved this problem, it seems that the application server was doing cache of the users login. So i disable that and works..

Thanks for the help,
I agree. Here's the link:
subject: Same user in different machines
jQuery in Action, 3rd edition