I'm not entirely sure how Spring Security works, but it appears that it checks concurrent log-ins based on a cached value in the HttpSession. If that's the case a simple
subject.isAuthenticated() call is good enough to determine if they've logged in during their current session. What exactly is your desired behavior? Could you give a use case? On Tue, Dec 1, 2009 at 3:39 PM, Narcom <[email protected]> wrote: > > what if I wish to place constraints on a single user's ability to log in to > my application. Similar like in SpringSecurity > http://static.springsource.org/spring-security/site/docs/2.0.x/reference/ns-config.html#ns-concurrent-session. > smth like <concurrent-session-control max-sessions="1" /> ? > > how to implement it in Shiro. Could someone tell me where to start from? > > -- > View this message in context: > http://n2.nabble.com/Concurrent-Session-Control-tp4096145p4096145.html > Sent from the Shiro User mailing list archive at Nabble.com. >
