Hi All, Following a security assessment, I have been asked to tighten the security in a Wicket-based web application. In particular, I need to prevent a user from having concurrent logins to the app. I would like to know if there is a preferred "Wicket Way" of implementing this feature. Reviewing the Wicket forum, it seemed like the approach would be to extend SecondLevelCacheSessionStore, and use its onBind template method to catch when a session is created. In onBind, use the RequestLogger to look through all the live sessions to determine if the user has multiple sessions. But I think I saw a comment that this won't work in a clustered environment. Is there a better way to clear extra user sessions?
Thanks very much, Steve P.S. Using v1.4.9 -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/How-to-stop-concurrent-logins-tp3332127p3332127.html Sent from the Users forum mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
