Well, we do it by also keeping a reference to the user (not the
subject that swarm uses) in the session.
And we check if the the user is already logged in in the constructor
of our login page.
The login context is not intended to check if the same user is already
logged in.
The logincontext does however prevent (if so ordered, which is the
case by default) multiple logins.
I don't think multiple logins is what you want, but if that is the
case you could take a look at the constructors of LoginContext, they
let you change the default behavior.
Maurice
On Tue, Mar 25, 2008 at 7:07 PM, Warren <[EMAIL PROTECTED]> wrote:
> Where would you check to see if the same user was trying to log on again, in
> the LoginContext? I can check in the Session and see if a user is logged on
> or not, but I can not check to see if it is the same user unless I keep the
> userid and password in the session. I would like to do it in the
> LoginContext and throw an Exception if it is the same user. The way it is
> now, I get a LoginException from the LoginContainer if I try to log on
> again, but I have no way of knowing if it is because the same user is logged
> on or not.
>
> public void login(LoginContext context) throws LoginException
> {
> ...
> if (subjects.containsKey(key))
> throw new LoginException("Already logged in through
> this context
> ").setLoginContext(context);
> ...
> }
>
> How would you suggest figuring out if it is the same user or not?
>
>
>
>
> > -----Original Message-----
> > From: Maurice Marrink [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, March 25, 2008 10:02 AM
> > To: [email protected]
> > Subject: Re: Wicket-Security Back Button and Login more than once
> >
> >
> > We also use a "screensaver" but it does not use the login routines,
> > instead it just verifies the user input against the username and
> > password from the loggedin user.
> > Also you can a check on the loginpage to determine if there is already
> > a logged in user, if there is and it is the same username you can skip
> > logging in again.
> >
> > Maurice
> >
> > On Tue, Mar 25, 2008 at 5:41 PM, Warren
> > <[EMAIL PROTECTED]> wrote:
> > > How do you deal with the situation where a user uses the
> > browser back button
> > > and ends up on a login page and then trys to login again? In
> > other words,
> > > how do you allow a user to login more than once. I am also
> > running into this
> > > same situation when I manually throw a
> > > RestartResponseAtInterceptPageException(Login.class) exception.
> > >
> > > I need a 5 minute screen saver type of time out and then the
> > regular session
> > > expired time out. The screen saver would require the user to
> > login again and
> > > the pick-up where they left off, but if a new user logged in it would
> > > invalidate the previous users session and start the new user
> > from the home
> > > page. I wrote something that kind of works, but I keep running
> > into little
> > > problems with it.
> > >
> > > What would be the best way to do this?
> > >
> > > Thanks,
> > >
> > > Warren Bell
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
