Herryanto Siatono wrote:
I stepped through the code, and I realised that it does not work when
UserDetails.getUsername() is overridden with user's primary key after
successful login.
Simply because the session check is performed before the actual
authentication takes place using the login username e.g. 'user1',
while the registration of new session takes place after successful
authentication using the already overriden .getUsername() with the
user's primary key, e.g. '101'. So the ConcurrentLogin exception is
never thrown in such case.
I've refactored concurrent session support extensively in preparation
for 0.9.0. Is this still an issue if using the latest CVS HEAD code?
Cheers
Ben
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
