basically, I want to prevent users from logging in and creating a second session if a valid session for that user already exists.
For instance. 1. Log in to my web app, session is created 2. browse around in my web app 3. close browser, do not logout 4. Start browser up again 5. try and log in 6. Do not allow login, have user 'reconnect' to the old session created in step 1. I have written quite a few web based apps, and I know of no way to kill the session at step 3. Hope this clears things up. Thanks again! On 10/5/05, Leon Rosenberg <[EMAIL PROTECTED]> wrote: > I have never seen that the getRemoteUser method you are referring to > returned something userful, or just something other then null. Taken > in account different browsers, proxies, internet-cafes... I don't > think it's possible. > On the other hand, why do you need that? As a matter of security this > will not work, because an intruder will simply use a patched browser > and a proxy. Maybe if you tell us what you trying to achieve, we can > provide you a better solution. > > regards > leon > > On 10/5/05, Mark <[EMAIL PROTECTED]> wrote: > > This is about 90% of what I want. One of the features I want to put > > into my session manager is the ability to only have one open session > > per user. What I would like is to have a createSession method that > > takes in user and host. This way I could be relatively sure that the > > user could only have one session at a time. > > The way the API looks is I have no way of passing this information > > into the createSession method. Is this true? Or do I have to extend > > some of the low-level tomcat code in order to make this work? > > > > TIA for any help you can provide. > > > > On 9/29/05, Leon Rosenberg <[EMAIL PROTECTED]> wrote: > > > check this out: > > > > > > http://www.niallp.pwp.blueyonder.co.uk/TomcatBug36541.html > > > > > > The link itself handles a bug, but one of the solutions is to replace > > > the std. manager with custom manager with all info you need to > > > actually do this. I thin kthis fits your question. > > > > > > regards > > > leon > > > > > > On 9/29/05, Mark <[EMAIL PROTECTED]> wrote: > > > > After using tomcat since the 3.x days, I have been very impressed with > > > > the amount of flexibility and configuration options that I have > > > > available to me. > > > > > > > > One part of the tomcat design that I do not believe is very flexible > > > > is the ability to set up a custom session manager. So maybe I am > > > > missing something, but how would I go about writing this for tomcat? > > > > I know I am being very vague, but how much work am I potentially > > > > signing myself up for here if I wanted to create a custom session > > > > manager? > > > > > > > > > > > > Thank you. > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
