My webapp is running in a clustering environment. Because of this, I think that I should use a hybrid solution using sessions and database management.
I think there'll be easiest, If I change a little bit the problem:
1. User logged very well
2. The same user tried to do login
2.1. If the user already exists (find in database, check the jsessionid or ip, i don't know yet), then before session is invalidated (Session.invalidate())
2.2. If not, come back to step 1
The question is: How can I get the first one session instance? If I'm running in a clustering environment. I know that the session is activated and passivated... I think it's hard to handle.