Re: only one login per user
Re: only one login per user
- Subject: Re: only one login per user
- From: Nathan Dumar <email@hidden>
- Date: Tue, 22 Jun 2004 14:02:12 -0400
Hmm ... I think my description was lacking. (Or maybe you read me
right and I didn't understand your response.)
I intend for each user account to cost a monthly fee. I want to avoid
the situation of someone buying one account and then sharing it. Like
when using dial-up -- if you try to log on using someone else's account
while they're using it, you will get an error that that account is
already in use. That's the behavior I want to do. So, when someone
attempts to log in, I need to check to see if the user name is already
in use in a different, active session. Somehow ...
So I was thinking, either I can make a boolean field in the user
record, "isLoggedIn," which I would set to true on login, false on
logout, or I could check each active session's user variable to see if
that user account is currently being used. Both of these options has
something I don't know how to do (see original description).
Thanks for the help though, Tony. I appreciate your time and effort.
Nathan
On Jun 22, 2004, at 11:32 AM, Tony Becker wrote:
Upon login store the sessionid, the requestid, and the login time. On
logout, null them.
On login, check for the existence of the sessionid/requestid within a
reasonable time (your choice).
Allow them in if the time difference is > 1hr or so.
If the time difference is less then 1hr, give them a choice of the old
session, or trashing it (you have the keys in the DB) and creating a
new session.
http://developer.apple.com/documentation/WebObjects/Reference/
API5.2.2/com/webobjects/appserver/class-use/WOSession.html
Note that there may be additional EO/DB clean up, if the previous
session was in some kind of transaction, so maybe restoration might be
something to try (If they simply closed the browser. Also, how would
you prevent two people, with the same login from "fighting" for the
"singleton" session - maybe the 1hr should be the session timeout and
you force them to wait.
Food for thought - I don't know your application requirements.
On Jun 22, 2004, at 10:39 AM, Nathan Dumar wrote:
I would like to make sure a user account is not used by multiple
people at the same time, by checking to see if the user has already
logged in (has an active session). I can see two possibilities so
far, but my knowledge falls short with both ideas:
1) Store the info in the db and override the session.terminate() to
set a user to logged out (in case they don't log out, but the session
times out). How and where do I override session.terminate()?
2) Put a function at the application level that checks each session's
user variable (across all app instances) for the proposed user. How
do I phrase the WOApplication-level code to look down into each
session? How do I call this code from a page?
Is there a better way that I'm missing?
Thanks for your time.
Nathan
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.