Hello,

I have the following scenario:

I have a login-site with username and password.

Now, I open for example the Mozilla-browser and login with my username and password.

All works. In the same browser, I cannot login twice as the Session is activ. That s okay!

But when I open a other browser, for example, Internet Explorer, then I can login again, even when I have been looged in in the Mozilla-browser because a new Session (independently from the Session of Mozilla) begins. How can I avoid this? I want, that the same User can login at most once time, independently from which browser.

I know, I can retrieve the Session via the Application-Scope and overwrite it with the newest one coming from the last login, but I do not know, if it is in conflict with some security constrain given in the SEAM.

The method

Session.instance().invalidate(); 

can only invalidate the Session from the Client-instance revoking this method. Is there a other way achieving it with SEAM?