[Catalyst] Preventing simultaneous logins

J. Shirley jshirley at gmail.com
Wed Jul 23 21:20:44 BST 2008


On Wed, Jul 23, 2008 at 1:12 PM, Jonathan Rockway <jon at jrock.us> wrote:
> * On Wed, Jul 23 2008, Daniel McBrearty wrote:
>> What I'd like to do is check if this user is already logged in at some
>> other computer, and deny access if so.
>
> I would probably store sessions in the database, and then store the
> session ID in the user table at login time (current_session) or
> something.  Then when they log in again, you can join in the session
> row, check the expiration time in that row, and then allow/deny the
> login.  You can also use that opportunity to delete the session from the
> database so that the other machine no longer has a valid session.
>
> I don't think the file-based session stores provide this much
> flexibility, but you could probably hack something similar if you really
> needed to.
>
> Regards,
> Jonathan Rockway
>
> --
> print just => another => perl => hacker => if $,=$"
>

I agree this is the way to go, and it would be pretty easy to write a
Credential that inherits from Password that does the additional check
before succeeding.

That way your controllers stay thin, and this feature is more easily
tuned and configured.

-J
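
The scheme discussed in this thread, as an added example that is not part of the original messages and is not Catalyst code: a framework-independent Python/sqlite3 sketch of the check a custom credential would run after the password has been verified. The table layout, the function names, the `evict` switch and the one-hour lifetime are assumptions made for illustration.

```python
import secrets
import sqlite3
import time

SESSION_TTL = 3600  # seconds; constructed value, not from the thread

def make_db():
    """In-memory schema: users.current_session points at the session row."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE sessions (id TEXT PRIMARY KEY, expires INTEGER NOT NULL);
        CREATE TABLE users (name TEXT PRIMARY KEY, current_session TEXT);
    """)
    return db

def login(db, name, now=None, evict=False):
    """Call only after the password check has passed.

    Returns a new session id, or None when the user is unknown or still has
    an unexpired session elsewhere and evict is False.
    """
    now = int(time.time()) if now is None else now
    with db:  # commit the writes together, roll back on error
        row = db.execute(
            """SELECT s.id, s.expires FROM users u
               LEFT JOIN sessions s ON s.id = u.current_session
               WHERE u.name = ?""", (name,)).fetchone()
        if row is None:
            return None                      # unknown user
        old_id, expires = row
        if old_id is not None and expires > now and not evict:
            return None                      # live session elsewhere: deny
        if old_id is not None:
            # Expired, or evicting: the other machine's session stops being valid.
            db.execute("DELETE FROM sessions WHERE id = ?", (old_id,))
        sid = secrets.token_urlsafe(32)
        db.execute("INSERT INTO sessions VALUES (?, ?)", (sid, now + SESSION_TTL))
        db.execute("UPDATE users SET current_session = ? WHERE name = ?",
                   (sid, name))
        return sid

def session_valid(db, sid, now=None):
    """Per-request check: the session row must exist and be unexpired."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT expires FROM sessions WHERE id = ?",
                     (sid,)).fetchone()
    return row is not None and row[0] > now
```

With `evict=False` a second login is refused until the first session expires or is logged out; with `evict=True` the newest login wins and the older session is deleted.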


