Hi,
As always we are in a kind of a mess. We have a web application that is implemented using oracle database packages (Oracle Cartridges) on Oracle 9iAS with modplsql. This uses basic authentication mode (using DADs) thus each user loggin in is actually a valid database user.

We have a need to restrict access of the application to single user per user account. We are able to do this as long as he is using the regular web address (First pages) to login. However once into the application the user can always copy the URL pass it on to another machine and he can login using the same user id and password on that machine as well and still have both sessions valid. In effect any number of users can login using a single user id and password.

We are not able to capture the session details through the routines available or rather we are not aware if Oracle provides any methods for session management for modplsql.

Has any one of you worked on similar systems and faced this problem? Any ideas on how to avoid the anamolous behaviour mentioned above?

Your inputs are most welcome.
Thanks in advance for your time.
Thanks
Raz