And I presume you'd need to get/persist this java object to a database,
if you fancied scaling beyond a single application server? (Or am I
missing something?)
Andre Van Klaveren wrote:
This will prevent users from having more than one session at a time
for sure. You would probably want to remove the id from the list when
a duplicate is detected to prevent users from having to wait for their
initial session to timeout in the event that they closed their browser
without properly logging out. You would also need to keep the session
id in this list so that you can invalidate the session that is related
to the id.
This of course would drop the original session and in the event that
two people were using the same ID it would become a nuisence for the
first user to login (they would loose their session).
You would want to make sure to log this event for auditing purpose as well.
Did I miss anything?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
