I'm writing the login modules for a JBoss 7.11 web application that needs to limit the number of active sessions a user may be logged into at a time (the actual number will be configurable).
My current plan is to write a custom Login-Module that accepts a user Principal, references the database to see how many sessions are actually allowed per user, and reject or allow depending on whether or not the user sessions associated with that Principal exceeds the limit.
My question is: what the best way is to find out how to reference the number of active sessions that are associated with a Principal?
I do have the obvious option of tracking active sessions in my database and get my count from there, but I'd prefer not to have to use the database for that.
I also noticed an answer (Get HttpSession/Request in a JAAS Login Module) that indicated that HTTPServletRequests can be grabbed, in which case I can get the Session and even the ServletContexts, but I am unsure if there is anything I can do with these to accomplish what I want to do in a Login-Module once I have them.
