Hi,
When a user logs into the system he is given a session. If that same user logs
into the system he is given another session - if the browser is different such
that there is no cookie collision.
In this case I'd like to invalidate the original session on login.
How can I accomplish this?
My first thoughts were to stored the sessionId with the username which I could
then lookup on login and if a session exist invalidate it. Unfortunately the
getSessionById seems to have been deprecated in the api.
Is my only option to store the session in with my user object?
Thanks,
Fu-Tung
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
