Java EE + GlassFish: Force user to log out if he/she logs in somewhere else
I hope my question in the title makes sense. If not, let's say: on machine A, via the web browser, I log in as admin; I go to machine B and log in as admin; the web browser on machine A should force a logout of user admin. I gave this some thought, and I think it will be ugly if I try to implement this manually. I have a feeling that this can be done in Glassfish.
I use Java EE 6 + Glassfish v3.0.1. Authentication and authorization are implemented via a jdbcRealm set up in Glassfish.

- create and map (using <listener>..</listener> in web.xml) a HttpSessionListener
- on sessionCreated(..) store a reference to the session in the ServletContext, in a Map<String, Session>
- when the user logs in, get the Map from the ServletContext and see if any session there has the same user / userId as a session attribute.
- if there is, session.invalidate() it.
- if you want to use this in a cluster, you can either use a database to store the information so that it is accessible from everywhere, or use a distributed cache (JBoss Cache, Ehcache)
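
The steps in the answer above, put together as an added example (not code from the answer or from GlassFish). The class name `SingleLoginListener`, the attribute names `sessionRegistry` and `userId`, and the helper `onLogin` are assumptions; the application is assumed to call `onLogin` from its own login code once authentication has succeeded.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// web.xml: <listener><listener-class>SingleLoginListener</listener-class></listener>
public class SingleLoginListener implements HttpSessionListener {
    // Assumed attribute names, chosen for this example.
    static final String REGISTRY = "sessionRegistry";
    static final String USER_ATTR = "userId";

    @SuppressWarnings("unchecked")
    private static synchronized Map<String, HttpSession> registry(ServletContext ctx) {
        Map<String, HttpSession> m = (Map<String, HttpSession>) ctx.getAttribute(REGISTRY);
        if (m == null) {
            m = new ConcurrentHashMap<String, HttpSession>();
            ctx.setAttribute(REGISTRY, m);
        }
        return m;
    }

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        HttpSession s = se.getSession();
        registry(s.getServletContext()).put(s.getId(), s);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) { // also fires on timeout
        HttpSession s = se.getSession();
        registry(s.getServletContext()).remove(s.getId()); // keeps the map from growing forever
    }

    // Tag the new session with the user, then invalidate every other session of that user.
    public static void onLogin(HttpSession current, String userId) {
        current.setAttribute(USER_ATTR, userId);
        for (HttpSession other : registry(current.getServletContext()).values()) {
            try {
                if (!other.getId().equals(current.getId())
                        && userId.equals(other.getAttribute(USER_ATTR))) {
                    other.invalidate(); // triggers sessionDestroyed; safe with ConcurrentHashMap
                }
            } catch (IllegalStateException alreadyInvalid) { // expired in the meantime
            }
        }
    }
}
```

Sessions are compared by ID rather than by object identity because a container may hand out different wrapper objects for the same session.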