[Catalyst] Preventing simultaneous logins

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Wed Jul 23 22:53:45 BST 2008


>
> It's fairly simple to track user login now.  You can have an automatic
> ping from the browser to the server that updates the session time.
> Just put it in your template wrappers so you have some simple request
> (even something like an action that renders an image, and a javascript
> timer that reloads that image every X number of seconds).
>
> That way you can set your lockout time to a ridiculously low level so
> the user doesn't have to wait for the session to clear.
>

True, assuming you can count on JavaScript to be enabled on the client (you
control the client software/settings, or don't care to support users that,
either by choice or corporate policy, can't enable js) and take the extra
hits on your server(s) and db/session store for each idle client.

Even with web 2.0 around there are still quite a few users that will not
run js.

> I think the points about the problem are perfectly valid though, it's
> a hard problem to solve right, because "right" is very use case
> specific and the protocol itself is the problem.

Yep, all "solutions" have trade-offs.  If someone knows one that fits all,
I would be more than interested in hearing about it.
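
The heartbeat-plus-short-lockout scheme discussed in this thread, as an added example that is not part of the original post and is not Catalyst code. The names `try_login`, `heartbeat`, `logout`, the in-memory `%active` hash standing in for the session store, and the 30-second lockout are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration: one live session per user, released when pings stop.
use strict;
use warnings;

my $LOCKOUT = 30;   # assumed: seconds without a ping before a lock goes stale
my %active;         # user => { sid, seen }; stands in for the db/session store

# A login succeeds if no other session for this user has pinged recently.
sub try_login {
    my ($user, $sid, $now) = @_;
    my $cur = $active{$user};
    if ($cur && $cur->{sid} ne $sid && $now - $cur->{seen} < $LOCKOUT) {
        return 0;   # another session is still alive: refuse
    }
    $active{$user} = { sid => $sid, seen => $now };
    return 1;
}

# Called by the timed browser request (e.g. the reloaded image) and by every
# normal request. Only the session holding the lock may refresh it.
sub heartbeat {
    my ($user, $sid, $now) = @_;
    my $cur = $active{$user} or return 0;
    return 0 if $cur->{sid} ne $sid;
    $cur->{seen} = $now;
    return 1;
}

# Explicit logout releases the lock at once instead of waiting for expiry.
sub logout {
    my ($user, $sid) = @_;
    my $cur = $active{$user} or return 0;
    return 0 if $cur->{sid} ne $sid;
    delete $active{$user};
    return 1;
}

# Constructed timeline, times in seconds.
print try_login('alice', 'A', 0)  ? "t=0  A logged in\n" : "t=0  A refused\n";
heartbeat('alice', 'A', 20);      # A's browser pings
print try_login('alice', 'B', 40) ? "t=40 B logged in\n" : "t=40 B refused\n";
# A sends nothing more: browser closed, or no JavaScript and the user is idle.
print try_login('alice', 'B', 60) ? "t=60 B logged in\n" : "t=60 B refused\n";
print heartbeat('alice', 'A', 65) ? "t=65 A still valid\n" : "t=65 A displaced\n";
```

The last two lines show the trade-off raised above: a client that cannot send the timed ping looks the same as a closed browser, so an idle session without JavaScript is displaced once the short lockout passes.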




