In order to ensure the only each user only has one session open at a time, we're doing the following:
1. When the user tries to log in, we check to see if the user's id is in the active_session table in our database. If it is not, the user is allowed to log in. If it is, the user is prohibited from logging in.
2. When the user logs in, the user's id is put in the active_session table in our database.
3. When the user logs out, the user's id is removed from the active_session table in our database.
My question is, how can we know to update the active_session table (i.e., remove the user id) when the user's session times out? I did not see any documentation of this in the
Servlet spec, or in
Tomcat's docs.
Thanks for any help,
Adena