Be careful not to confuse sessions with opening new windows. I got bit by this recently.
For example; an application is a link from a portal. This portal opens a new window (i.e. target="_blank") that launches your wicket or servlet app. A new session is created upon first log in. The user then launches a duplicate of the same app from the portal. You may think that at this point a new session is created for the duplicate app, but it is not it will use the same session id as the original launch. This will occur even if the user closes the original window then launches the app again - at least until the session expires normally. So the session ID will remain the same even if multiple windows have been opened. Wicket has a multiple windows feature, but this only works if the user decides to manually open a window via the File --> New Window or using keyboard shortcuts within the browser. A way around this would be to force the user to always do a Close or Log Out button; at which time you could invalidate the session. But, I do not know how to deactivate the standard X in the right top corner of the browser or the File --> Exit menu option. Maybe there is a way, or my knowledge of this is very limited? -----Original Message----- From: Jeremy Thomerson [mailto:jer...@wickettraining.com] Sent: Friday, June 12, 2009 1:34 PM To: users@wicket.apache.org Subject: Re: how to avoid multiple session for the same username Store the session ID in your DB whenever someone signs in. Then if someone signs in, and the session ID is not the same, you can either block them from signing in, or you can have something in the request cycle that checks on every request to make sure that this session ID is still allowed to be signed in. If it's not, sign out. -- Jeremy Thomerson http://www.wickettraining.com On Fri, Jun 12, 2009 at 12:30 PM, tubin gen<fachh...@gmail.com> wrote: > I need suggestions on implementing single user login , like My system has a > user with a username jdavid and my application should not allow two > different sessions for the same username jdavid , can one session peep > into all other session > to see if the any has a usernaem jdavid, I am basically looking for some > pattern if any available for restricting multiple session for the same > username . > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ EMAIL CONFIDENTIALITY NOTICE This Email message, and any attachments, may contain confidential patient health information that is legally protected. This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party unless required to do so by law or regulation and is required to destroy the information after its stated need has been fulfilled. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or action taken in reliance on the contents of this message is strictly prohibited. If you have received this information in error, please notify the sender immediately by replying to this message and delete the message from your system. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
