Reputation: 522
Glassfish allow only one session from the same user at a time
I'm using glassfish to host a servlet with login page authentication method over https.
I need that if an user is logged in form somewhere no one should be able to log in using the same credentials until that user session expires or becomes invalidated.
Example: I'm the user A logging from place 1 using user:example password:example1. I don't want an user B in place 2, or in place 1 but from a different pc, to be able to log in using user:example and password:example1, or the user B, by logging in, should invalidate user A session.
Is that possible withouth writing a custom auth module?
Upvotes: 0
Views: 249
Answers (1)
Reputation: 1487
GF and Java EE 7 do not provide anything like this out of the box. You would need to code this business logic yourself, most likely in whatever code you write to handle log-ins. Mobile users might pose a challenge in that as they roam (laptop, tablet, smartphone) they may be likely to pick up new IP addresses during the lifetime of their active session.
Upvotes: 1
Related Questions
- Allow only one session per each account
- Java Web Application multiple user session handling
- Glassfish-3.0.1 mixing user sessions - SSO
- GlassFish v3.1 preventing several users login with same credentials
- Java Soap Glassfish get session after Login
- Glass fish Server authentication
- glassfish 4 programmatic login
- keeping alive multiple sessions in the same glassfish instance
- Basic Authentication in Glassfish
- How do I keep Glassfish from creating a new session for each request?