• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: only one login per user
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: only one login per user

  • Subject: Re: only one login per user
  • From: Marios Assiotis <email@hidden>
  • Date: Tue, 22 Jun 2004 11:59:07 -0700
Nathan,

Both approaches have the same problem. If a user simply closes their browser instead of hitting the logout button then they are locked out of the application until their session expires. As Tony correctly pointed out you would have to present the user with the option of using the existing session or creating a new one and trashing the old one.

For the first approach mentioned you would have to subclass WOSession and provide your own implementation of terminate(). Don't forget to call super() in the default constructor.
For the second approach you probably will need to store that information in the database each time a session is initialized. I would recommend providing your own concrete implementation of WOSessionStore against a database and store the username along with the session id and the session data. Then upon the creation of a new session (implies successful authentication) you lookup in the database to see if the user has a session active(i.e did not expire - not necessarily active) and give the user the option of trashing the existing session or not.
A third approach would be to store the last used session id in the database as a user property and see if the session is active (again active == not expired) using restoreSessionWithID() in the concrete WOSessionStore implementation which will return null if the session has expired.


Nathan Dumar wrote:

Hmm ... I think my description was lacking. (Or maybe you read me right and I didn't understand your response.)

I intend for each user account to cost a monthly fee. I want to avoid the situation of someone buying one account and then sharing it. Like when using dial-up -- if you try to log on using someone else's account while they're using it, you will get an error that that account is already in use. That's the behavior I want to do. So, when someone attempts to log in, I need to check to see if the user name is already in use in a different, active session. Somehow ...

So I was thinking, either I can make a boolean field in the user record, "isLoggedIn," which I would set to true on login, false on logout, or I could check each active session's user variable to see if that user account is currently being used. Both of these options has something I don't know how to do (see original description).

Thanks for the help though, Tony.  I appreciate your time and effort.

Nathan 
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.

  • Follow-Ups:
    • Re: only one login per user
      • From: James Cicenia <email@hidden>
References: 
 >only one login per user (From: Nathan Dumar <email@hidden>)
 >Re: only one login per user (From: Tony Becker <email@hidden>)
 >Re: only one login per user (From: Nathan Dumar <email@hidden>)

  • Prev by Date: Urgent help required !!
  • Next by Date: Re: only one login per user
  • Previous by thread: Re: only one login per user
  • Next by thread: Re: only one login per user
  • Index(es):
    • Date
    • Thread