[Catalyst] Preventing simultaneous logins

J. Shirley jshirley at gmail.com
Wed Jul 23 21:20:44 BST 2008

On Wed, Jul 23, 2008 at 1:12 PM, Jonathan Rockway <jon at jrock.us> wrote:
> * On Wed, Jul 23 2008, Daniel McBrearty wrote:
>> What I'd like to do is check if this user is already logged in at some
>> other computer, and deny access if so.
> I would probably store sessions in the database, and then store the
> session ID in the user table at login time (current_session) or
> something.  Then when they log in again, you can join in the session
> row, check the expiration time in that row, and then allow/deny the
> login.  You can also use that opportunity to delete the session from the
> database so that the other machine no longer has a valid session.
> I don't think the file-based session stores provide this much
> flexibility, but you could probably hack something similar if you really
> needed to.
> Regards,
> Jonathan Rockway
> --
> print just => another => perl => hacker => if $,=$"

I agree this is the way to go, and it would be pretty easy to write a
Credential that inherits from Password that does the additional check
before succeeding.

That way your controllers stay thin, and this feature is more easily
tuned and configured.


More information about the Catalyst mailing list