Instead of calling a remote servlet to execute logout code you can simply work with a SessionValidationFilter. Store the hostname where the last login happened into a shared DB and in a SessionValidationFilter check if the login happend on the current node. If not, send a redirect to the logout URL. By that the last login will always win. It is important that in a cluster case you configure session affinity for this case.
↧