On 12/10/2009 14:37, Peter Crowther wrote:
> 2009/10/12 Josh Gooding <josh.good...@gmail.com>:
>> To my knowledge the Single Sign on in Tomcat is a way for all of your back
>> end applications in your VH to recognize that you have logged in to one
>> place, and all of the apps belonging to that VH will be logged into.
>
> Correct.
>
>> What I am trying to do is restrict the login from users to one single
>> session.  (i.e. if you are logged in once, you cannot log in again unless
>> your session expires or you log out.)  Is this possible with what is
>> included with Tomcat or is this going to take some custom code?
>
> You'll need custom code.
>
> Are you sure this is an appropriate requirement?  In particular, how
> do you plan to handle (say) a browser or client crash that loses the
> in-memory session cookie?  The user can neither log out from the old
> session nor log into a new session until the server times out the
> session.

The OP could just set a new key value in the session each time a user logs in, and ensure that any user with an old, invalid key is logged out on their next request.

You would need to compare the key in the session, on each request, to the key associated with the user in storage somewhere, which is an additional overhead.

A Filter in each app would be suitable (or a Valve, though these will soon be going the way of the Dodo, so they're probably not a good long-term choice).


p



- Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
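
The per-request key check suggested in the reply above, sketched as a servlet Filter. This is an added example, not code posted by anyone in the thread. It assumes the jakarta.servlet API (Servlet 4.0 or later; use javax.servlet on older Tomcat), an in-memory map standing in for the "storage somewhere", and hypothetical attribute names and login URL.

```java
import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Newest login wins: an older session is invalidated on its next request. */
public class SingleSessionFilter implements Filter {
    static final String USER_ATTR = "sso.user";     // hypothetical attribute names
    static final String KEY_ATTR = "sso.loginKey";
    // Assumption: one webapp on one node. Several apps or a cluster need a shared store.
    private static final Map<String, String> CURRENT_KEY = new ConcurrentHashMap<>();
    private static final SecureRandom RNG = new SecureRandom();

    /** Call from the application's login code once the credentials are verified. */
    public static void registerLogin(HttpSession session, String username) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.setAttribute(USER_ATTR, username);
        session.setAttribute(KEY_ATTR, key);
        CURRENT_KEY.put(username, key);             // supersedes any earlier session's key
    }

    /** Call from the application's logout code before invalidating the session. */
    public static void registerLogout(HttpSession session) {
        String user = (String) session.getAttribute(USER_ATTR);
        String key = (String) session.getAttribute(KEY_ATTR);
        if (user != null && key != null) {
            CURRENT_KEY.remove(user, key);          // no-op if a newer login replaced the key
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpSession session = request.getSession(false);
        String user = session == null ? null : (String) session.getAttribute(USER_ATTR);
        if (user != null) {
            String key = (String) session.getAttribute(KEY_ATTR);
            if (key == null || !key.equals(CURRENT_KEY.get(user))) {
                session.invalidate();               // stale key: a newer login exists
                ((HttpServletResponse) res)
                        .sendRedirect(request.getContextPath() + "/login"); // hypothetical URL
                return;
            }
        }
        chain.doFilter(req, res);                   // anonymous or current session
    }
}
```

Because a new login replaces the stored key instead of being refused, a user whose browser crashed can log in again at once, and the orphaned session is rejected if it is ever presented.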


