Imagine a Security Framework for J2EE Applications, which could be accessed by both Web and EJB container. This framework would offer an API for user login. Is there any useful pattern to block a second try to login in an application using the same username? I mean, only one instance of the username could be logged in in a given time.
I would not like to use a database approach. I´ve been thinking of replicating this behavior in both Web and EJB container by using an identifier stored in application scope (HttpSession) and in an EJB Stateful, respectively.
I´d appreciate any idea.