Re: Only one session for logged user.

2009-03-06 Thread Ernesto Reinaldo Barreiro
Using a session listener to record session creation/destruction and then use
that info to invalidate previous sessions where the user is the same?

Ernesto

On Fri, Mar 6, 2009 at 11:34 AM, Martin Bednář martin.bed...@triax.cz wrote:

> Hello,
>
> In our application I must guarantee that user is logged only once to the
> application.
> I have the following problem.
>
> 1, User logged to application, create session1
> 2, User browser crashed, but session1 is still alive for next 30 minutes
> (session expiration time is 30 minutes).
> 3, User open new browser and login to application (session2 is created).
>
> And in point 3 I need close session1 before I log user in.
>
> I hold userId in user session, but I don't know how to iterate over all
> sessions and check if another session for same user is here.
>
> Any advice ?
>
> Thx Martin



Re: Only one session for logged user.

2009-03-06 Thread Leszek Gawron

Martin Bednář wrote:

> Hello,
>
> In our application I must guarantee that user is logged only once to the
> application.
> I have the following problem.
>
> 1, User logged to application, create session1
> 2, User browser crashed, but session1 is still alive for next 30 minutes
> (session expiration time is 30 minutes).
> 3, User open new browser and login to application (session2 is created).
>
> And in point 3 I need close session1 before I log user in.
>
> I hold userId in user session, but I don't know how to iterate over all
> sessions and check if another session for same user is here.
>
> Any advice ?


Have a look at how Acegi Security handles concurrent sessions management:

http://www.acegisecurity.org/guide/springsecurity.html#concurrent-sessions

hth

--
Leszek Gawron

-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



Re: Only one session for logged user.

2009-03-06 Thread Igor Vaynberg
instead of storing a user id store a uuid that is generated on login,
and resolve the uuid back to user.

every time the user logs in you invalidate all other uuids they have
and generate a new one.

-igor

On Fri, Mar 6, 2009 at 2:34 AM, Martin Bednář martin.bed...@triax.cz wrote:
> Hello,
>
> In our application I must guarantee that user is logged only once to the
> application.
> I have the following problem.
>
> 1, User logged to application, create session1
> 2, User browser crashed, but session1 is still alive for next 30 minutes
> (session expiration time is 30 minutes).
> 3, User open new browser and login to application (session2 is created).
>
> And in point 3 I need close session1 before I log user in.
>
> I hold userId in user session, but I don't know how to iterate over all
> sessions and check if another session for same user is here.
>
> Any advice ?
>
> Thx Martin


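An added example, not part of the original thread and not Wicket or Acegi code: a minimal sketch of the login-token approach suggested in the last reply, where the session stores a random UUID instead of the user id and each new login revokes the user's previous token. The class `LoginTokenRegistry`, its method names and the user id `martin` are hypothetical, and the registry is assumed to live in memory in a single JVM.

```java
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical registry: one valid login token per user; a new login revokes the old one. */
public class LoginTokenRegistry {
    // token -> userId, and userId -> that user's single current token
    private final Map<String, String> userByToken = new ConcurrentHashMap<>();
    private final Map<String, String> tokenByUser = new ConcurrentHashMap<>();

    /** Call after credentials are verified; store the returned token in the new session. */
    public synchronized String login(String userId) {
        String token = UUID.randomUUID().toString();
        String previous = tokenByUser.put(userId, token);
        if (previous != null) {
            userByToken.remove(previous); // session1's token stops resolving immediately
        }
        userByToken.put(token, userId);
        return token;
    }

    /** Call on every request; empty means the session was superseded and must be invalidated. */
    public Optional<String> resolve(String token) {
        return Optional.ofNullable(token).map(userByToken::get);
    }

    /** Call on logout or session expiry so stale entries do not accumulate. */
    public synchronized void logout(String token) {
        String userId = (token == null) ? null : userByToken.remove(token);
        if (userId != null) {
            tokenByUser.remove(userId, token); // only clears if still the current token
        }
    }

    public static void main(String[] args) {
        LoginTokenRegistry registry = new LoginTokenRegistry();
        String session1 = registry.login("martin"); // constructed sample user id
        String session2 = registry.login("martin"); // second browser after the crash
        System.out.println("session1 valid: " + registry.resolve(session1).isPresent());
        System.out.println("session2 user:  " + registry.resolve(session2).orElse("none"));
        registry.logout(session1); // late expiry of the dead session must not log session2 out
        System.out.println("session2 valid: " + registry.resolve(session2).isPresent());
    }
}
```

The old session is not destroyed at login time; it is rejected on its next request, when `resolve` returns empty and the application invalidates it, so no iteration over container sessions is needed.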