[Catalyst] Preventing simultaneous logins
orasnita at gmail.com
Thu Jul 24 08:01:44 BST 2008
From: "J. Shirley" <jshirley at gmail.com>
> It's fairly simple to track user login now. You can have an automatic
> ping from the browser to the server that updates the session time.
> Just put it in your template wrappers so you have some simple request
> timer that reloads that image every X number of seconds).
If the current user doesn't access a new page in 10 (or 15, 20...) minutes, then his session expires and he could log in again on another computer.
If a company has a username for accessing a newspaper, and if an employee of that company accesses the site, he should be able to read the newspaper even if another employee tries to log in.
But if the first user doesn't access a new page every 10 minutes, his session should expire and allow the other users to log in, even if he stays logged and doesn't close his browser.
> That way you can set your lockout time to a ridiculously low level so
> the user doesn't have to wait for the session to clear.
> I think the points about the problem are perfectly valid though, it's
> a hard problem to solve right, because "right" is very use case
> specific and the protocol itself is the problem.
Yes of course. But in any case, I think that a new login should not disable a previous login, because any new user will log off a previously logged user. In that case the logged off user will try to log in again and he will log off the other user and so on, and this will not be very nice...
A logged user must stay logged while he actively uses the page.
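
The policy argued for in this message (an active session keeps the account, and a new login is refused until the holder has been idle past the timeout), as an added example that is not part of the original post or of Catalyst. The package name, method names and the in-memory hash are assumptions standing in for a shared session store.

```perl
#!/usr/bin/env perl
# Added example: one active session per account, released only by idle timeout.
# SingleSessionLock and its methods are hypothetical names, not a Catalyst API.
use strict;
use warnings;

package SingleSessionLock;

sub new {
    my ($class, %args) = @_;
    return bless {
        idle_timeout => $args{idle_timeout} // 600,  # seconds; 10 minutes as in the post
        holders      => {},                          # username => { sid, last_seen }
    }, $class;
}

# Returns 1 if $sid now holds the account, 0 if another session is still active.
sub try_login {
    my ($self, $user, $sid, $now) = @_;
    my $h = $self->{holders}{$user};
    if ($h && $h->{sid} ne $sid && $now - $h->{last_seen} < $self->{idle_timeout}) {
        return 0;    # refuse the new login; the existing session is left untouched
    }
    $self->{holders}{$user} = { sid => $sid, last_seen => $now };
    return 1;
}

# Call on every page request or heartbeat ping; only the current holder can refresh.
sub touch {
    my ($self, $user, $sid, $now) = @_;
    my $h = $self->{holders}{$user} or return 0;
    return 0 if $h->{sid} ne $sid;                                # lock taken over
    return 0 if $now - $h->{last_seen} >= $self->{idle_timeout};  # already expired
    $h->{last_seen} = $now;
    return 1;
}

package main;

my $lock = SingleSessionLock->new(idle_timeout => 600);
my $t0   = 1_000_000;    # constructed timestamps, in seconds
printf "A login  at  +0 min: %d\n", $lock->try_login('acme', 'sid-A', $t0);
printf "B login  at  +5 min: %d\n", $lock->try_login('acme', 'sid-B', $t0 + 300);
printf "A request at +8 min: %d\n", $lock->touch('acme', 'sid-A', $t0 + 480);
printf "B login  at +15 min: %d\n", $lock->try_login('acme', 'sid-B', $t0 + 900);
printf "B login  at +18 min: %d\n", $lock->try_login('acme', 'sid-B', $t0 + 1080);
printf "A request at +18 min: %d\n", $lock->touch('acme', 'sid-A', $t0 + 1090);
```

With several server processes, the check and the write in `try_login` have to be a single atomic operation in the shared store, otherwise two logins arriving together can both succeed.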