0

I'm using glassfish to host a servlet with login page authentication method over https.

I need that if an user is logged in form somewhere no one should be able to log in using the same credentials until that user session expires or becomes invalidated.

Example: I'm the user A logging from place 1 using user:example password:example1. I don't want an user B in place 2, or in place 1 but from a different pc, to be able to log in using user:example and password:example1, or the user B, by logging in, should invalidate user A session.

Is that possible withouth writing a custom auth module?

chiarfe
  • 522
  • 3
  • 15

1 Answers1

1

GF and Java EE 7 do not provide anything like this out of the box. You would need to code this business logic yourself, most likely in whatever code you write to handle log-ins. Mobile users might pose a challenge in that as they roam (laptop, tablet, smartphone) they may be likely to pick up new IP addresses during the lifetime of their active session.

NBW
  • 1,467
  • 2
  • 18
  • 27