I want to avoid the user to create 2 sessions at the same time... If a user logs on machine/browser A and then logs on machine/browser B, so I want to invalidate the UserSession for A. If the user returns to machine A, so I force him to relogin. Can you tell me how it is possible to get all UserSession and to invalidate the one that relies on the userid. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4220736#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...