[Catalyst] Preventing simultaneous logins
Matt S Trout
dbix-class at trout.me.uk
Sat Jul 26 05:39:41 BST 2008
On Fri, Jul 25, 2008 at 10:27:34AM +0200, Daniel McBrearty wrote:
> >>
> >> 1. checking whether there is an existing session associated this username
> >
> > Session::PerUser ?
> >
>
> I looked briefly at this, but I'm a bit wary because
> C::P::Session::Store::Fastmmap warns against being used with it. What
> is PerUser doing that is special in that respect, and what is a good
> backend for it?
>
> REading the docs for it, it seems like something slightly different -
> keeping the same session in place, even if the user logs in in the
> middle of it, if I understand correctly?
You want:
login from elsewhere to log out the same user anywhere else
It wants:
any login by the same user "claims" the user's session
so, if you add in your root auto
if ($c->user_exists) {
unless ($c->user_session->{sid} eq $c->sessionid) {
$c->logout;
$c->forward('/auth/logged_out');
return 0;
}
}
and in MyApp
sub set_authenticated {
my $self = shift;
$self->next::method(@_);
$self->user_session->{sid} = $self->sessionid;
}
then you should pretty much be done.
So far as I can tell, this is perfect for you. You just sometimes get
persistent session data as well (it warns against fastmmap because in the
"persistent session" use case fastmmap is lossy - in yours the lossyness
is irrelevant, you don't care about the persistence feature)
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Technical Director http://www.shadowcat.co.uk/catalyst/
Shadowcat Systems Ltd. Want a managed development or deployment platform?
http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/
More information about the Catalyst
mailing list