[Catalyst] Preventing simultaneous logins
jshirley at gmail.com
Wed Jul 23 21:20:44 BST 2008
On Wed, Jul 23, 2008 at 1:12 PM, Jonathan Rockway <jon at jrock.us> wrote:
> * On Wed, Jul 23 2008, Daniel McBrearty wrote:
>> What I'd like to do is check if this user is already logged in at some
>> other computer, and deny access if so.
> I would probably store sessions in the database, and then store the
> session ID in the user table at login time (current_session) or
> something. Then when they log in again, you can join in the session
> row, check the expiration time in that row, and then allow/deny the
> login. You can also use that opportunity to delete the session from the
> database so that the other machine no longer has a valid session.
> I don't think the file-based session stores provide this much
> flexibility, but you could probably hack something similar if you really
> needed to.
> Jonathan Rockway
> print just => another => perl => hacker => if $,=$"
I agree this is the way to go, and it would be pretty easy to write a
Credential that inherits from Password that does the additional check
That way your controllers stay thin, and this feature is more easily
tuned and configured.
More information about the Catalyst