How to invalidate a user session when he logs in twice with the same credentials

粉色の甜心 2020-11-27 17:00

I'm using JSF 1.2 with RichFaces and Facelets.

I have an application with many session-scoped beans and some application beans.

The user logs in with, let'

3 answers
  •  没有蜡笔的小新
    2020-11-27 17:38

    I like the answer from BalusC with a HttpSessionBindingListener.

    But in the Enterprise JavaBeans™ Specification, Version 2.0, it is written:

    An enterprise Bean must not use read/write static fields. Using read-only static fields is allowed. Therefore, it is recommended that all static fields in the enterprise bean class be declared as final

    So isn't it better to make an ApplicationScoped bean which stores the table application-wide without using static fields???

    I tried it out and it seems to work...

    Here is my example:

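    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import javax.enterprise.context.ApplicationScoped;
    import javax.inject.Inject;
    import javax.inject.Named;
    import javax.servlet.http.HttpSession;
    import javax.servlet.http.HttpSessionBindingEvent;
    import javax.servlet.http.HttpSessionBindingListener;

    // User and UserManagement are the application's own classes.
    @Named
    @ApplicationScoped
    public class UserSessionStorage implements java.io.Serializable, HttpSessionBindingListener {

        @Inject
        UserManagement userManagement;

        private static final long serialVersionUID = 1L;

        /**
         * Application wide storage of the logins
         */
        private final Map<User, List<HttpSession>> logins = new HashMap<User, List<HttpSession>>();

        // synchronized: this bean is shared by all requests and HashMap is not thread-safe
        @Override
        public synchronized void valueBound(final HttpSessionBindingEvent event) {
            System.out.println("valueBound");

            /**
             * Get current user from userManagement...
             */
            User currentUser = userManagement.getCurrentUser();

            List<HttpSession> sessions = logins.get(currentUser);
            if (sessions != null) {
                // Flag every session this user already has open
                for (HttpSession httpSession : sessions) {
                    httpSession.setAttribute("invalid", "viewExpired");
                }
            } else {
                sessions = new ArrayList<HttpSession>();
            }
            HttpSession currentSession = event.getSession();
            sessions.add(currentSession);
            logins.put(currentUser, sessions);
        }

        @Override
        public synchronized void valueUnbound(final HttpSessionBindingEvent event) {
            System.out.println("valueUnbound");

            User currentUser = userManagement.getCurrentUser();

            List<HttpSession> sessions = logins.get(currentUser);
            if (sessions != null) {
                // Forget the session that is being unbound
                sessions.remove(event.getSession());
            } else {
                sessions = new ArrayList<HttpSession>();
            }
            logins.put(currentUser, sessions);
        }

    }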

    -> Sorry for my änglish...
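An added example, not part of the answer above or of the original question: a variant of the same HttpSessionBindingListener idea that invalidates the older session outright and keeps the username inside the bound object, so cleanup on session timeout does not depend on a request-bound "current user" lookup. The names SingleSessionRegistry, Marker and the "loginMarker" attribute are hypothetical, and the sketch assumes a single-node (non-clustered) container and one shared registry instance, for example held by an application-scoped bean.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

/** Hypothetical registry (not from the answer): one live session per username. */
public class SingleSessionRegistry {

    // username -> marker bound in that user's newest session
    private final ConcurrentMap<String, Marker> active =
            new ConcurrentHashMap<String, Marker>();

    /** Call from the login action after authentication succeeds. */
    public void register(String username, HttpSession session) {
        // Binding the attribute makes the container call valueBound().
        session.setAttribute("loginMarker", new Marker(username));
    }

    private final class Marker implements HttpSessionBindingListener {
        private final String username;
        private volatile HttpSession session;

        Marker(String username) {
            this.username = username;
        }

        @Override
        public void valueBound(HttpSessionBindingEvent event) {
            session = event.getSession();
            // put() swaps in the new login atomically; same-session re-login is left alone.
            Marker previous = active.put(username, this);
            if (previous != null && previous.session != session) {
                try {
                    previous.session.invalidate();
                } catch (IllegalStateException alreadyInvalidated) {
                    // The old session expired on its own; nothing left to do.
                }
            }
        }

        @Override
        public void valueUnbound(HttpSessionBindingEvent event) {
            // Remove only if the entry is still this marker, so the old
            // session's unbind cannot evict the newer login. The username is
            // held here, so no request context is needed on session timeout.
            active.remove(username, this);
        }
    }
}
```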
