| Andrew Cooke | Contents | Latest | RSS | Twitter | Previous | Next


Welcome to my blog, which was once a mailing list of the same name and is still generated by mail. Please reply via the "comment" links.

Always interested in offers/projects/new ideas. Eclectic experience in fields like: numerical computing; Python web; Java enterprise; functional languages; GPGPU; SQL databases; etc. Based in Santiago, Chile; telecommute worldwide. CV; email.

Personal Projects

Lepl parser for Python.

Colorless Green.

Photography around Santiago.

SVG experiment.

Professional Portfolio

Calibration of seismometers.

Data access via web services.

Cache rewrite.

Extending OpenSSH.

C-ORM: docs, API.

Last 100 entries

Weeks 10 + 11; Change: No Longer Possible To Merge Metadata; Books on Old Age; Health Tree Maps; MRA - Men's Rights Activists; Writing Good C++14; Risk Assessment - Fukushima; The Future of Advertising and Surveillance; Travelling With Betaferon; I think I know what I dislike so much about Metafilter; Weeks 8 + 9; More; Pastamore - Bad Italian in Vitacura; History Books; Iraq + The (UK) Governing Elite; Answering Some Hard Questions; Pinochet: The Dictator's Shadow; An Outsider's Guide To Julia Packages; Nobody gives a shit; Lepton Decay Irregularity; An Easier Way; Julia's BinDeps (aka How To Install Cairo); Good Example Of Good Police Work (And Anonymity Being Hard); Best Santiago Burgers; Also; Michael Emmerich (Vibrator Translator) Interview (Japanese Books); Clarice Lispector (Brazillian Writer); Books On Evolution; Looks like Ara (Modular Phone) is dead; Index - Translations From Chile; More Emotion in Chilean Wines; Week 7; Aeon Magazine (Science-ish); QM, Deutsch, Constructor Theory; Interesting Talk Transcripts; Interesting Suggestion Of Election Fraud; "Hard" Books; Articles or Papers on depolarizing the US; Textbook for "QM as complex probabilities"; SFO Get Libor Trader (14 years); Why Are There Still So Many Jobs?; Navier Stokes Incomplete; More on Benford; FBI Claimed Vandalism; Architectural Tessellation; Also: Go, Blake's 7; Delusions of Gender (book); Crypto AG DID work with NSA / GCHQ; UNUMS (Universal Number Format); MOOCs (Massive Open Online Courses); Interesting Looking Game; Euler's Theorem for Polynomials; Weeks 3-6; Reddit Comment; Differential Cryptanalysis For Dummies; Japanese Graphic Design; Books To Be Re-Read; And Today I Learned Bugs Need Clear Examples; Factoring a 67 bit prime in your head; Islamic Geometric Art; Useful Julia Backtraces from Tasks; Nothing, however, is lost with less discomfort than that which, when lost, cannot be missed; Article on Didion; Cost of Living by City; British Slavery; Derrida on Metaphor; African SciFi; Traits in Julia; Alternative Japanese Lit; Pulic Key as Address (Snow); Why Information Grows; The Blindness Of The Chilean Elite; Some Victoriagate Links; This Is Why I Left StackOverflow; New TLS Implementation; Maths for Physicists; How I Am 8; 1000 Word Philosophy; Cyberpunk Reading List; Detailed Discussion of Message Dispatch in ParserCombinator Library for Julia; FizzBuzz in Julia w Dependent Types; kokko - Design Shop in Osaka; Summary of Greece, Currently; LLVM and GPUs; See Also; Schoolgirl Groyps (Maths); Japanese Lit; Another Example - Modular Arithmetic; Music from United; Python 2 and 3 compatible alternative.; Read Agatha Christie for the Plot; A Constructive Look at TempleOS; Music Thread w Many Recommendations; Fixed Version; A Useful Julia Macro To Define Equality And Hash; k3b cdrom access, OpenSuse 13.1; Week 2; From outside, the UK looks less than stellar; Huge Fonts in VirtualBox; Keen - Complex Emergencies; The Fallen of World War II

© 2006-2015 Andrew Cooke (site) / post authors (content).

Session Limitation with Acegi

From: "andrew cooke" <andrew@...>

Date: Mon, 27 Feb 2006 14:44:16 -0300 (CLST)

Sometimes it's useful to restrict a user a single session.  This
simplifies the logic needed to guarantee certain restrictions.

For example, I always want a user to have a minimum of one valid email
address.  With two parallel sessions and two valid emails a user could
delete one email in each session and I would need to verify consistency in
the database.  Restrictig to one session lets me implement the restriction
in the business logic.

However, the exact configuration was not obvious.  After some
experimentation the following seemed to work.

First, you need some way of detectig when sessions expire.  This is
largely automatic as long as you register the following in web.xml:

  <!-- used to track session events (single user session) -->

I have all my authentication-related xml in web-authentication.xml (and
referenced via context-param in web.xml).  It includes:

  <bean id="authenticationManager"
    <property name="sessionController" ref="singleSession"/>
    <property name="providers">

  <bean id="sessionRegistry"

  <bean id="singleSession"
    <property name="maximumSessions" value="1"/>
    <property name="exceptionIfMaximumExceeded" value="true"/>
    <property name="sessionRegistry" ref="sessionRegistry"/>

Which is all that is needed (I suspect sessionRegistry is supplied by
default anyway).

The way it seems to work is as follows:
- authenticationManager calls the appropriate provider
- if that succeeds, it calls sessionController
- sessionController applies the appropriate logic, using the information
  in sessionRegistry
- sessionRegistry is correct because of the event system (which includes
  the listener you registered).


Session Limitation with Acegi blog post

From: "andrew cooke" <andrew@...>

Date: Fri, 10 Oct 2008 07:07:52 -0400 (CLT)

---------------------------- Original Message ----------------------------
From:    "m zyzy" <myzyzy@...>
Date:    Thu, October 9, 2008 10:40 pm

First of all, I am new in spring and acegi , and I know the post is a bit
old, but I am stuck with acegi v1.0.4 - Spring security V2.0.4 -wait for
me-We'll meet in my next project..

why you dont use this filter below ? is there an explanation as why you
didnt use it?
<bean id="concurrentSessionFilter"
      <property name="sessionRegistry"> <ref bean="sessionRegistry"/>
      <property name="expiredUrl" value="/login.jsp"/>

I also use the same config xml code as you wrote in the blog post but with
the addition of above code and it's work fine for me (of course, with the
above code , I need to add the concurrentSessionFilter in the
filterChainProxy's filter sequence).

-Second as we both use the way that to prevent second login attempt at a
time in different machine/browser , how to show a text message in a jsp
page to indicate that the unsuccessful second logger of user he/she is
trying to log in to is in used already currently? How this can be done?

Thanks .

No Idea!

From: "andrew cooke" <andrew@...>

Date: Fri, 10 Oct 2008 07:14:33 -0400 (CLT)


No idea why I didn't use that - perhaps it wasn't around when I wrote the
code?  Perhaps I missed it?

Curiously, it's not mentioned at

I haven't used Acegi since this post, so I'm afraid I can't help more (but
thanks for posting - people do sometimes read this page, according to my
logs, so it will help them).


Comment on this post