See my comments in my response to Laurie. We're basically using dual
login pages, one on our main website (Apache) and the other in our
webapp. I'm currently toying with the idea of a Filter to detect the
subsequent logins against an already authenticated session.
--adam
Dale Newfield wrote:
Laurie Harper wrote:
If you have a separate 'login' page (as opposed to having a login
form on each page) you might be able to get away with invalidating
the session when that page is shown, with the caveat that logged in
users would implicitly be logged out if they visit that page.
And in the case where there's not a separate login page you could add
an interceptor that's only in the stack of your login form, which
invalidates the session. That way it's impossible for someone to get
to the point where they'll be logging in while already logged in.
-Dale
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
