I have a system where I want to register whenever a user successfully logs into my application. I want to include the times where a user gets authenticated through 'remember me' functionality (when he logs in after a timeout) and achieve this by having an ApplicationListener filtering out any AuthenticationSuccessEvents. My problem occurs when a user, after having timed out, directly enters a page which includes several ajax requests. The system don't have time to authenticate the first call before the next request is sent, so all (or most of) the calls gets authenticated and logged as separate entries.
It seems to me that this could (hopefully) be a common problem with 'remember me' and ajax and hoped that there was a fairly easy way of fixing it, but I can't find any good information on the issue.
One possible solution could perhaps be to synchronize the code where log entries gets written to the database and make sure no other entries was written the last few seconds before entering a new one. I don't like this solution though, as I think it would scale poorly.
I am currently using acegi-security version 1.0.4 , but plan to upgrade to spring-security 2.x some time in the future.
Help and suggestions are greatly appreciated.
Thanks in advance.