One possibility is to check for a pre-existing open login on login. If one is detected, return an error, something to the effect of "please log off first". Offer a log-off button/link that invalidates the session and returns the user to a welcome page. Maintaining both logins is trickier and probably not in your best interest from a security perspective.

--David

[EMAIL PROTECTED] wrote:
Hi:

We have an Enterprise application that uses sessions to keep track of User 
Information (name, role, dept). This information is used against the user when 
logging out, checking credentials and displaying user information. Since we are 
using Session Attributes to keep track of User Information - this gets mangled 
when we try to log in to the application from the same browser (in Firefox) and 
Ctrl-N from IE (in other words the person who gets logged in will overwrite the 
current user's attribute thus losing first user information). So, I am 
wondering whether you all have any recommendations/inputs to avoid this 
scenario. Thanks in advance. I did check Google and other search tools, but 
could not locate anything useful.

regards,
Vasu

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
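
The check suggested in the reply above, as an added example that is not part of the original thread: a servlet filter that refuses a second login while the session already holds a user, and invalidates the session on log-off. The attribute name `currentUser` and the `/login`, `/logout` and `/welcome.jsp` paths are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Map this filter to /login and /logout in web.xml (paths are assumptions). */
public class SingleLoginFilter implements Filter {
    // Assumed name of the session attribute the application stores the user under.
    static final String USER_ATTR = "currentUser";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        // getSession(false): look up the session without creating one.
        HttpSession session = req.getSession(false);
        String path = req.getServletPath();

        if ("/logout".equals(path)) {
            // Log-off: destroy the session and every attribute stored in it.
            if (session != null) {
                session.invalidate();
            }
            resp.sendRedirect(req.getContextPath() + "/welcome.jsp");
            return;
        }
        if ("/login".equals(path) && session != null
                && session.getAttribute(USER_ATTR) != null) {
            // All windows of one browser share the session cookie, so a second
            // login would overwrite the first user's attributes. Refuse it.
            resp.sendError(HttpServletResponse.SC_CONFLICT,
                    "Already logged in from this browser. Please log off first.");
            return;
        }
        // No open login: hand over to the application's own login handling.
        chain.doFilter(rq, resp);
    }
}
```

An `<error-page>` entry for status 409 in web.xml can supply the page that carries the log-off link.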


