I am using JAAS form-based authentication with my own LoginModule implementation for using SSO. As an additional constraint, it shall not be possible for the same user (principal) to have two active sessions (being logged in twice).
If the system used only a single server, I would probably store in the container which users are currently logged in, but the solution must work on a cluster.
Unfortunately, I could find no clue how this can be solved in such a way that the crash of a cluster node or the database would not possibly leave users without the ability to log in again (assuming their session resided on a crashed node). Does anyone have any articles or experience of their own on how to solve this problem?