[Catalyst] Preventing simultaneous logins

Wade.Stuart at fallon.com Wade.Stuart at fallon.com
Wed Jul 23 22:53:45 BST 2008

> It's fairly simple to track user login now.  You can have an automatic
> ping from the browser to the server that updates the session time.
> Just put it in your template wrappers so you have some simple request
> (even something like an action that renders an image, and a javascript
> timer that reloads that image every X number of seconds).
> That way you can set your lockout time to a ridiculously low level so
> the user doesn't have to wait for the session to clear.

True, assuming you can count on javascript to be enabled on the client (you
control the client software/settings, or don't care to support users that,
either by choice, or cooperate policy can't enable js) and take the extra
hits on your server(s) and db/session store for each idle client.

Even with web 2.0 around there are still quite a few users that will not
run js.

> I think the points about the problem are perfectly valid though, it's
> a hard problem to solve right, because "right" is very use case
> specific and the protocol itself is the problem.

Yep,  all "solutions" have trade offs.  If someone knows one that fits all
I would be more then interested in hearing about it.

More information about the Catalyst mailing list