Re: only one login per user
Re: only one login per user
- Subject: Re: only one login per user
- From: James Cicenia <email@hidden>
- Date: Tue, 22 Jun 2004 14:40:29 -0500
This was timely information as I also have a "hosted application" and
will need to soon start
managing the same user restriction. I like storing the last used
session id as a user property
as the best solution.
-James Cicenia
On Jun 22, 2004, at 1:59 PM, Marios Assiotis wrote:
Nathan,
Both approaches have the same problem. If a user simply closes their
browser instead of hitting the logout button then they are locked out
of the application until their session expires. As Tony correctly
pointed out you would have to present the user with the option of
using the existing session or creating a new one and trashing the old
one.
For the first approach mentioned you would have to subclass WOSession
and provide your own implementation of terminate(). Don't forget to
call super() in the default constructor.
For the second approach you probably will need to store that
information in the database each time a session is initialized. I
would recommend providing your own concrete implementation of
WOSessionStore against a database and store the username along with
the session id and the session data. Then upon the creation of a new
session (implies successful authentication) you lookup in the database
to see if the user has a session active(i.e did not expire - not
necessarily active) and give the user the option of trashing the
existing session or not.
A third approach would be to store the last used session id in the
database as a user property and see if the session is active (again
active == not expired) using restoreSessionWithID() in the concrete
WOSessionStore implementation which will return null if the session
has expired.
Nathan Dumar wrote:
Hmm ... I think my description was lacking. (Or maybe you read me
right and I didn't understand your response.)
I intend for each user account to cost a monthly fee. I want to
avoid the situation of someone buying one account and then sharing
it. Like when using dial-up -- if you try to log on using someone
else's account while they're using it, you will get an error that
that account is already in use. That's the behavior I want to do.
So, when someone attempts to log in, I need to check to see if the
user name is already in use in a different, active session. Somehow
...
So I was thinking, either I can make a boolean field in the user
record, "isLoggedIn," which I would set to true on login, false on
logout, or I could check each active session's user variable to see
if that user account is currently being used. Both of these options
has something I don't know how to do (see original description).
Thanks for the help though, Tony. I appreciate your time and effort.
Nathan
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.