通过SessionID和用户名来保证同一个用户不能同时登录

可以通过SessionID和用户名来保证同一个用户不能同时登录的问题，下面程序模仿了QQ的登录，当登录后判断当前帐号是否已经登录，如果登录。则踢掉以前登录的用户。

重置sessionID

private void createNewSession(HttpServletRequest request, HttpServletResponse response, EntCurrentUser entCurrentUser) throws Exception {
		HttpSession oldSession = request.getSession();
		Enumeration attrNames = oldSession.getAttributeNames();
		Map attrMap = new HashMap();
		
		while(attrNames != null && attrNames.hasMoreElements()) {
			String attrName = (String)attrNames.nextElement();
			attrMap.put(attrName, oldSession.getAttribute(attrName));
		}
		
		oldSession.invalidate();
		HttpSession newSession = request.getSession(true);
		
		Set keySet = attrMap.keySet();
		if(keySet != null && !keySet.isEmpty()) {
			Iterator it = keySet.iterator();
			while(it != null && it.hasNext()) {
				String key = (String)it.next();
				newSession.setAttribute(key, attrMap.get(key));
			}
		}
		if(entCurrentUser != null) {
			entCurrentUser.setNewSession(newSession);
		}
	}

参考资料： http://www.xuebuyuan.com/465665.html

参考资料：http://blog.csdn.net/cctcc/article/details/9773185