If your intention is Brute Force Attach use Apache Web server, you might try mod_evasive to protect your login forms
If you want to keep track, if the user is allready using another session, you might save the information in the database and check for each login if there is an entry in the db and then if the entry is still a valid session. Best Regards Sebastian Edmon Begoli schrieb: > Hi, > > Can someone please suggest an effective way to restrict number of > sessions/logins allowed per user. > > This is a security requirement imposed by the client I currently deal > witt. > > I would like for some Tomcat specialists to suggest some intelligent > solution for this. > > Thanks in advance! > > Thank you, > Edmon > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]