Hello,
We have a new security requirement for our webapp to only allow a
user a single login session at a time.
If the user logs in through another browser or device, the original
session should be closed.
I've spent some time hunting for a recommended solution using Apache
Shiro 1.2, but most seem home-grown solutions using an application-wide
HashMap of User-Session mappings, checking for existing sessions on
each login. Is this really the best solution or is this too simplistic?
In Spring Security, for example, there is an attribute called
'maxConcurrentUsers' or something like that where this can be
configured.
It would be great if someone expert in Shiro could give a
recommended solution for this seemingly common use-case, at least as
far as integration with Shiro goes.
Many thanks,
Richard
Richard Adams
[email protected]
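
The user-to-session map approach described in the message above, sketched as an added example that is not part of the original post and is not Shiro's own code. `SingleSessionRegistry` and its methods are hypothetical names; it assumes a single JVM, a `SecurityManager` already bound for `SecurityUtils`, and principals (for example a username `String`) with stable `equals`/`hashCode`.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;

/** Hypothetical helper (not a Shiro class): one live session per principal. */
public final class SingleSessionRegistry {

    // Application-wide principal -> current session mapping.
    private static final ConcurrentMap<Object, Session> ACTIVE =
            new ConcurrentHashMap<Object, Session>();

    private SingleSessionRegistry() {}

    /** Authenticate, then close any session the same principal already holds. */
    public static void login(AuthenticationToken token) {
        Subject subject = SecurityUtils.getSubject();
        subject.login(token);                    // throws AuthenticationException on failure
        Session current = subject.getSession();  // creates the session if needed
        // put() is atomic: the later of two racing logins receives the
        // earlier session here and stops it, so only one survives.
        Session previous = ACTIVE.put(subject.getPrincipal(), current);
        if (previous != null && !previous.getId().equals(current.getId())) {
            try {
                previous.stop();                 // invalidates the older session
            } catch (InvalidSessionException alreadyGone) {
                // The older session had already expired or been stopped.
            }
        }
    }

    /** Call on logout so the map does not keep entries for stopped sessions. */
    public static void logout() {
        Subject subject = SecurityUtils.getSubject();
        Object principal = subject.getPrincipal();
        Session current = subject.getSession(false);
        Session registered = (principal == null) ? null : ACTIVE.get(principal);
        if (registered != null && current != null
                && registered.getId().equals(current.getId())) {
            ACTIVE.remove(principal, registered); // only remove our own entry
        }
        subject.logout();
    }
}
```

Sessions that expire without an explicit logout stay in the map until the same principal logs in again, and a clustered deployment would need the mapping in shared storage rather than in one JVM's memory.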