[Catalyst] Preventing simultaneous logins

Matt S Trout dbix-class at trout.me.uk
Sat Jul 26 05:39:41 BST 2008


On Fri, Jul 25, 2008 at 10:27:34AM +0200, Daniel McBrearty wrote:
> >>
> >> 1. checking whether there is an existing session associated with this username
> >
> > Session::PerUser ?
> >
> 
> I looked briefly at this, but I'm a bit wary because
> C::P::Session::Store::Fastmmap warns against being used with it. What
> is PerUser doing that is special in that respect, and what is a good
> backend for it?
> 
> Reading the docs for it, it seems like something slightly different -
> keeping the same session in place, even if the user logs in in the
> middle of it, if I understand correctly?

You want:

login from elsewhere to log out the same user anywhere else

It wants:

any login by the same user "claims" the user's session

so, if you add in your root auto

if ($c->user_exists) {
  unless ($c->user_session->{sid} eq $c->sessionid) {
    $c->logout;
    $c->forward('/auth/logged_out');
    return 0;
  }
}

and in MyApp

sub set_authenticated {
  my $self = shift;
  $self->next::method(@_);
  $self->user_session->{sid} = $self->sessionid;
}

then you should pretty much be done.

So far as I can tell, this is perfect for you. You just sometimes get
persistent session data as well (it warns against fastmmap because in the
"persistent session" use case fastmmap is lossy - in yours the lossiness
is irrelevant, you don't care about the persistence feature).

-- 
      Matt S Trout       Need help with your Catalyst or DBIx::Class project?
   Technical Director                    http://www.shadowcat.co.uk/catalyst/
 Shadowcat Systems Ltd.  Want a managed development or deployment platform?
http://chainsawblues.vox.com/            http://www.shadowcat.co.uk/servers/
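
A stand-alone model of the mechanism described in the message above, added here as an example and not part of the original post or of Catalyst itself. Plain hashes stand in for the session store and the Session::PerUser store; the names login and check_request and the user alice are made up for illustration. It also covers the case where the per-user record is lost (the lossy fastmmap situation): the check fails closed and the user is logged out rather than left with two live sessions.

```perl
#!/usr/bin/perl
# Model of the "latest login claims the user" check. Nothing here calls
# Catalyst or Session::PerUser; the stores below are assumptions.
use strict;
use warnings;

my %session;       # per-browser sessions:  sid  => { user => ... }
my %user_session;  # per-user store model:  user => { sid  => ... }
my $next_sid = 1;  # constructed session ids: s1, s2, ...

# Models the set_authenticated override: the new session claims the user.
sub login {
    my ($user) = @_;
    my $sid = 's' . $next_sid++;
    $session{$sid} = { user => $user };
    $user_session{$user}{sid} = $sid;
    return $sid;
}

# Models the root auto check. Returns 1 if the request may proceed,
# 0 if this session is (or has just been) logged out.
sub check_request {
    my ($sid) = @_;
    my $s = $session{$sid} or return 0;
    my $user = $s->{user};
    return 0 unless defined $user;
    my $claimed = $user_session{$user}{sid};
    # A missing record (evicted by a lossy store) counts as a mismatch.
    return 1 if defined $claimed && $claimed eq $sid;
    delete $s->{user};    # logout: this browser session loses its user
    return 0;
}

my $laptop = login('alice');    # constructed user name
printf "laptop after own login:      %d\n", check_request($laptop);
my $phone = login('alice');     # second login from elsewhere
printf "laptop after phone login:    %d\n", check_request($laptop);
printf "phone:                       %d\n", check_request($phone);
delete $user_session{alice};    # simulate eviction of the per-user record
printf "phone after record eviction: %d\n", check_request($phone);
```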


