I am using J2EE Session Variables for session handling in my application - mainly because it doesn't set cookies on client side and the session expires when browser is closed. (We have to explicitly code for achieving this functionality if we are using CFID & CFTOKEN sessions.) I have two questions:
1) Are there any disadvantages of using J2EE Session Variables?
2) How can I prevent multiple logins with the same userID from two different locations? The first signed in user should be logged off when he tries to login from another place.