Not sure if I'm doing this correctly; but I'm about to deploy my first
JSF app. I'm testing on my internal network; if I login on machine 1,
machine 2 has access to machine 1's session (i.e. if I login as Admin on
machine 1, then goto machine 2 and login as User, the admin screen is
displayed also on machine 2).
LoginBean has username/pwd fields populated from the JSF page that
automatically instantiates the bean.
// attempt login
public void login() {
User newUser = getUserByUserPass(lbean.getLoginname(), lbean
.getLoginpass());
if (newUser == null)
setGuestUser();
else
lbean.setCurrentUser(newUser);
}
LoginBean is session managed:
<managed-bean>
<description>Login bean</description>
<managed-bean-name>LoginBean</managed-bean-name>
<managed-bean-class>
net.codezilla.trinity.service.LoginBean
</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
To make this multiuser, should I be explicitly creating a new
HTTPSession here in the login function and storing the LoginBean there?
Could this be a problem because i'm using NAT? If so, any external user
with NAT on their LAN would have the same problem, correct?
