• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: DirectAction & User login Questions.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DirectAction & User login Questions.


  • Subject: Re: DirectAction & User login Questions.
  • From: Guido Neitzer <email@hidden>
  • Date: Wed, 13 Feb 2008 15:36:13 -0700

On 13.02.2008, at 14:24, Daniel Brajkovic wrote:

However, after doing so I run my app, and it goes straight to main and creates a session.

You'll need to get rid of everything on that page that creates a session (WOTextField, WOPasswordField probably) and replace it with the standard html tags, bind the form (can be a WOForm) action to a a direct action, use a standard html submit button to submit, handle your login in the direct action that was called.


In the direct action create a session or check with "existingSession()", whether there is already one (from a previous login attempt perhaps).

On the WebObjects Wiki/confluence, it is stated that people typing in URLs with your components could cause problems. So how do I keep people from doing so?

Where's the link to that?

If I have a user/passwords login app, how do I keep people from using a common username and password simultaneously on different computers? There will be multiple application instances, on several servers.

Keep track of logged-in users in a database table. But that might cause trouble when people don't log out properly. Be aware of that! Delete the row in "session.terminate()". Also delete all entries for the specific instance on instance startup so this gets cleaned up completely.


When someone with the same username comes along, I ask them before logging them in that there is a session with this user name and whether they want to abort that other session. On every request is a check whether the session with id xy is "aborted" and if yes I redirect to a message page that this session was aborted by someone logging in with the same username / password.

Also I showed that user that he didn't log out properly if that was the case.

cug

--
Real-World WebObjects class at the Big Nerd Ranch
March 2008, Frankfurt, Germany
http://www.bignerdranch.com/classes/webobjects.shtml



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Follow-Ups:
    • Re: DirectAction & User login Questions.
      • From: Lachlan Deck <email@hidden>
References: 
 >DirectAction & User login Questions. (From: Daniel Brajkovic <email@hidden>)

  • Prev by Date: Re: DirectAction & User login Questions.
  • Next by Date: Re: Servlet HttpSession in webobjects?
  • Previous by thread: Re: DirectAction & User login Questions.
  • Next by thread: Re: DirectAction & User login Questions.
  • Index(es):
    • Date
    • Thread