If your intention is Brute Force Attach use Apache Web server, you might
try mod_evasive to protect your login forms

If you want to keep track, if the user is allready using another
session, you might save the information in the database and check for
each login if there is an entry in the db and then if the entry is still
a valid session.

Best Regards

Sebastian


Edmon Begoli schrieb:
> Hi,
>
> Can someone please suggest an effective way to restrict number of
> sessions/logins allowed per user.
>
> This is a security requirement imposed by the client I currently deal
> witt.
>
> I would like for some Tomcat specialists to suggest some intelligent
> solution for this.
>
> Thanks in advance!
>
> Thank you,
> Edmon
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)