Hi rizkyk,
Hehehehe, yeah that's the 1000$ Question.
- The IP we get in our case from the spring-security framework from the Authentication Object. (search for class: LoginLoggingPolicyService.java --> 'clientAddress' )
- For counting how many users are really online. It depends on the declared 'timeout' time. If a user don't do a right logout from the application by i.e. closing the browser it's sessionId is cleaned at the earliest after it is over their timeout time. So a http-based solution is only approximately. But it's possible to run an application wide counterClass. This calls holds only a list of SessionIds. Each time a new user is logged in his sessionID is added and the whole List is verified with a list from spring.
If we have time for such things we will made an implementation (I think the zk5 EventQueues are a good staring point for such things).
Please do not hesitate to send us codes for this.
best
Stephan
PS: In the next days we will check in a new version based on zk5 and with new architecture logic on some of the gui modules.