[jboss-user] [Security & JAAS/JBoss] - Re: LoginFilter vs. WebAuthenticator
ragavgomatam
do-not-reply at jboss.com
Wed Nov 19 15:44:42 EST 2008
Yes. The approach I mentioned will have to be altered slightly. Add the HttpSessionId to ServletContext too. Check for the existence of both credential & session id. That means the user is logged in & active. So if the same user tries to log in again, his credential will be the same but the sessionId will be different. So maybe a combination of credential + sessionId may be a key / value in ServletContext. Check for this.
Also, during log out, clear this from ServletContext. Log out will call HttpSession.invalidate(), followed by a call to HttpSessionListener that will clear out the ServletContext entries.
OR
You may set up a ServletContextListener that ensures that the Credential/session id contract is unique.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4190635#4190635
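The credential + session id check described in the post, sketched as an added example (not part of the original post and not JBoss code). The class name `ActiveLoginRegistry`, the attribute names `activeLogins` and `loginUser`, and the `register` helper are assumptions made for illustration; the servlet API must be on the classpath and the listener declared in `web.xml`.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Hypothetical registry: one ServletContext attribute mapping user -> owning session id. */
public class ActiveLoginRegistry implements HttpSessionListener {
    static final String CTX_KEY = "activeLogins";   // assumed ServletContext attribute name
    static final String USER_KEY = "loginUser";     // assumed HttpSession attribute name

    @SuppressWarnings("unchecked")
    private static ConcurrentMap<String, String> logins(ServletContext ctx) {
        synchronized (ActiveLoginRegistry.class) {  // create the map exactly once
            ConcurrentMap<String, String> m =
                (ConcurrentMap<String, String>) ctx.getAttribute(CTX_KEY);
            if (m == null) {
                m = new ConcurrentHashMap<String, String>();
                ctx.setAttribute(CTX_KEY, m);
            }
            return m;
        }
    }

    /**
     * Call only after authentication has succeeded.
     * Returns false when the same user is already active in a different session.
     */
    public static boolean register(HttpSession session, String user) {
        String id = session.getId();
        // putIfAbsent is atomic, so two simultaneous logins cannot both win.
        String owner = logins(session.getServletContext()).putIfAbsent(user, id);
        if (owner != null && !owner.equals(id)) {
            return false;                           // same credential, different session id
        }
        session.setAttribute(USER_KEY, user);       // remembered for cleanup on destroy
        return true;
    }

    public void sessionCreated(HttpSessionEvent e) { /* nothing to track before login */ }

    /** Runs on HttpSession.invalidate() and on session timeout. */
    public void sessionDestroyed(HttpSessionEvent e) {
        HttpSession s = e.getSession();
        Object user = s.getAttribute(USER_KEY);
        if (user != null) {
            // Two-argument remove: only delete the entry if this session still owns it.
            logins(s.getServletContext()).remove((String) user, s.getId());
        }
    }
}
```

ServletContext attributes are local to one JVM, so in a clustered deployment each node would hold its own copy of this map and the check would only cover logins on the same node.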