You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Jordan Green <jg...@slacker.com> on 2013/11/11 21:05:17 UTC
Re: Control/Prevent concurrent user logins from different
browsers/devices
I was able to do this in a custom Authentication filter, where I have a
static map of userName->SessionId.
Then, in the onAccessDenied method after the user logs in, I look for a
prior sessionId for that username, and if I find one, I get the sessionDao
and delete the session.
Since I'm doing the last login wins, I don't want to deny the request. But
if you wanted to do that, you could return false from the onAccessDenied
method, probably with some kind of status on your response.
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Re-Control-Prevent-concurrent-user-logins-from-different-browsers-devices-tp7579195p7579367.html
Sent from the Shiro User mailing list archive at Nabble.com.