[Catalyst] Preventing simultaneous logins
emarkert at aim.com
Wed Jul 23 21:39:50 BST 2008
On Wed, Jul 23, 2008 at 09:47:57PM +0200, Daniel McBrearty wrote:
> And what happens if they never hit log out? Or if their browser
> crashes and then they try and log in again?
> If you really need this feature, try it the other way around: if
> someone logs in then you invalidate their first session.
I used to work for a company that never deleted sessions - long history, and dumb assumptions about the reasons for keeping the records around...

The suggestion mentioned above, deleting the first invalid session, doesn't solve the problem because it assumes EVERYONE will log back in.

An expiration date should be set on any session. There are a number of options you can use to extend this expiration date, but the question posed is what to do with sessions where someone doesn't log out.

Simple: each night you have a job run that does some database maintenance - simply delete the expired session records.
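
The approach discussed in this message, as an added example that is not part of the original post and is not Catalyst's session code: every session row carries an expiry, a new login invalidates the user's earlier session, each request slides the expiry forward, and a nightly job purges expired rows. The table layout, function names and 30-minute lifetime are assumptions chosen for illustration.

```python
import secrets
import sqlite3

SESSION_TTL = 30 * 60  # assumed session lifetime in seconds


def open_store(path=":memory:"):
    """Create the (hypothetical) session table; expires is a Unix timestamp."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sessions ("
               "id TEXT PRIMARY KEY, user_id TEXT NOT NULL, "
               "expires INTEGER NOT NULL)")
    db.execute("CREATE INDEX IF NOT EXISTS sessions_expires "
               "ON sessions (expires)")
    return db


def login(db, user_id, now):
    """Start a session and invalidate any earlier session for this user."""
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    with db:  # one transaction: the old session goes, the new one appears
        db.execute("DELETE FROM sessions WHERE user_id = ?", (user_id,))
        db.execute("INSERT INTO sessions VALUES (?, ?, ?)",
                   (sid, user_id, now + SESSION_TTL))
    return sid


def touch(db, sid, now):
    """Validate a session on each request and extend its expiry.

    Expiry is enforced here as well, so a stale row is refused even if
    the nightly purge has not run yet.
    """
    with db:
        cur = db.execute(
            "UPDATE sessions SET expires = ? WHERE id = ? AND expires > ?",
            (now + SESSION_TTL, sid, now))
    return cur.rowcount == 1


def purge_expired(db, now):
    """Nightly maintenance job: delete expired rows, return how many."""
    with db:
        cur = db.execute("DELETE FROM sessions WHERE expires <= ?", (now,))
    return cur.rowcount
```

Run `purge_expired` from a scheduler with the current time; because `touch` checks the expiry itself, the purge only reclaims storage and does not decide whether a session is valid.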