Hello,
I have the following scenario:
I have a login-site with username and password.
Now, I open for example the Mozilla-browser and login with my username and password.
All works. In the same browser, I cannot login twice as the Session is activ. That s okay!
But when I open a other browser, for example, Internet Explorer, then I can login again, even when I have been looged in in the Mozilla-browser because a new Session (independently from the Session of Mozilla) begins. How can I avoid this? I want, that the same User can login at most once time, independently from which browser.
I know, I can retrieve the Session via the Application-Scope and overwrite it with the newest one coming from the last login, but I do not know, if it is in conflict with some security constrain given in the SEAM.
The method
Session.instance().invalidate();
can only invalidate the Session from the Client-instance revoking this method. Is there a other way achieving it with SEAM?