2 Replies Latest reply on May 28, 2009 2:34 PM by Ingo Dietz

    prevent multi-login in one and the same browser?

    Ingo Dietz Newbie

      Hi,


      we are using seam security for user-login in a RichFaces application.


      Is it possible to prevent a second login in one and the same browser or to kill the workspace of the first user?


      Here is our szenario, which you can reproduce in the seamspace example for example:


      1. We have a login-page (login.xhtml). When login is successful the user is redirected to the main-page (main.xhtml).


      2. USER A is logged in the first tab/workspace of a browser


      3. Then USER B will login in a second tab/workspace of one and the same browser.


      At the moment the user/session in the first tab/workspace will automatically change from USER A to USER B with all the permissions of USER B.


      I tried to prevent this with a logoff of USER A before a second logoff happens:


      - org.jboss.seam.web.Session.instance().invalidate();


      - identity.logout();


      Now my questions:


      1. Is it possible to destroy the first tab/workspace if you continue work in it after USER B has logged in. destroy means for example to do a redirect to the login-page with a nahigation rule or to automatically close the tab/workspace of the browser.


      2. Alternatively is it possible to prevent a second login of another user in one and the same browser?


      In my opinoin the user should be responsible for a correct logout, but we need this for security reasons.


      Any advise is welcome.


      Many thanks for your help
      tarsia