----- Original Message -----
From: "Hans Bergsten" <[EMAIL PROTECTED]>
> > Gokul Singh wrote:
> >
> > Hans Bergsten wrote:
> > > [...]
> >
> > I am trying to disallow a single user to have multiple login sessions
> > valid at any given time. I have to enforce this even if the user tried
> > to login from two different machines.
A small addition here. The requirement is that the user be allowed to login
by creating a new session on login request and invalidating any valid
session that he may have at that time.
To be more elaborate.
1. A user U logs in and has a session associated with him i.e. S1.
2. user U goes to another machine and tries to login.
3. The user U should get a new session S2 with S1 being invalidated.
I hope the requirements are now clear.
> archives for details). The bottom line is that a session is associated
> with a "client", not a "user".
Agreed.
> > Can you suggest a solution for this which works on tomcat 3.2.1 and
> > uses servlet specs 2.2 only.
>
> Something like this should work in any compliant container.
Thanks for putting down the whole code for me. I already implement this
philosophy in my code. But the requirements are slightly different as
spelled above.
> To make sure a user only logs in once, check if the loginID is
> already in the context structure before allowing a new login
> and creating the UserBean.
The requirement is that the user can login any no. of times he wants. But he
should have only one valid session and that should be the session from the
last successful login attempt as mentioned above.
Can you please tell me if this is possible using 2.2 specs and tomcat 3.2.1
Regds,
Gokul
PS: I have joined this list today only. I am not sure if this posting is
appropriate for this list or not.
If it is inappropriate here, then please mail to me privately.
>
> Hans
> --
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
