Re: only one login per user
Re: only one login per user
- Subject: Re: only one login per user
- From: Colin Clark <email@hidden>
- Date: Tue, 22 Jun 2004 15:10:28 -0400
Hi Nathan,
On Tuesday, June 22, 2004, at 02:02 PM, Nathan Dumar wrote:
So I was thinking, either I can make a boolean field in the user
record, "isLoggedIn," which I would set to true on login, false on
logout, or I could check each active session's user variable to see if
that user account is currently being used. Both of these options has
something I don't know how to do (see original description).
1) Store the info in the db and override the session.terminate() to
set a user to logged out (in case they don't log out, but the
session times out). How and where do I override >>> session.terminate()?
At risk of pointing out the obvious, the place to override WOSession
terminate() is in your session subclass. Check the Javadocs for the
exact signature of the method, and make sure you call super.terminate()
after your custom code to ensure that the framework has the opportunity
to actually terminate the session for you.
In your implementation of terminate(), it sounds like you'll want to
update the "isLoggedIn" flag on your current user EO and save the
changes to the database.
If you go with the approach of storing the logged-in state of each user
in the database, you're going to want to make sure you're always
fetching fresh data for your User EOs. This addresses the possibility
that you'll have multiple instances of the application, all of which
will be modifying the databases as users log in and out. Each instance
will need to always check the database directly rather than using
potentially stale snapshots to ensure that it has the latest state
about who's logged in and who's not.
With this design, you also may want to think a bit about concurrency
situations and cases where an application may crash, leaving your user
logged in indefinitely.
2) Put a function at the application level that checks each
session's user variable (across all app instances) for the proposed
user. How do I phrase the WOApplication-level code to look down
into each session? How do I call this code from a page?
You're maybe thinking about this approach from the wrong direction.
There's no trivial way for a WOApplication to inspect its active
session instances in order to determine particular session state.
However, it is easy for session instances to reference their
applications. You could write some code that manages a list of users at
the application level. When a specific user logs in, your WOSession
subclass could add them to the application's list of currently active
users, and then remove them when they log out.
The problem with this design is that it will only work for a single app
instance. If you end up requiring more than one instance of your app
for load balancing, each instance will have completely parallel lists
of who is logged in. Not a good idea. At that point, you'd have to look
at some kind of change notification between application instances,
which is much more trouble than it's worth for something like this. If
this is global data required by all instances of your application, it
probably rightfully belongs in the database.
I hope that helps,
Colin
---
Colin Clark
Dynamic Web and Database Lead,
Resource Centre for Academic Technology,
University of Toronto
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.