[Catalyst] Preventing simultaneous logins
Daniel McBrearty
danielmcbrearty at gmail.com
Sat Jul 26 20:56:12 BST 2008
Thanks Matt, I'll definitely try this when I get round to trying to
solve this issue.
Where does MyApp::set_athenticated get called from? when the user logs
in? no, that can't be it ... you're way ahead of me here :-) ...
>> >> 1. checking whether there is an existing session associated this username
>> >
>> > Session::PerUser ?
>> >
>>
>> I looked briefly at this, but I'm a bit wary because
>> C::P::Session::Store::Fastmmap warns against being used with it. What
>> is PerUser doing that is special in that respect, and what is a good
>> backend for it?
>>
>> REading the docs for it, it seems like something slightly different -
>> keeping the same session in place, even if the user logs in in the
>> middle of it, if I understand correctly?
>
> You want:
>
> login from elsewhere to log out the same user anywhere else
>
> It wants:
>
> any login by the same user "claims" the user's session
>
> so, if you add in your root auto
>
> if ($c->user_exists) {
> unless ($c->user_session->{sid} eq $c->sessionid) {
> $c->logout;
> $c->forward('/auth/logged_out');
> return 0;
> }
> }
>
> and in MyApp
>
> sub set_authenticated {
> my $self = shift;
> $self->next::method(@_);
> $self->user_session->{sid} = $self->sessionid;
> }
>
> then you should pretty much be done.
>
> So far as I can tell, this is perfect for you. You just sometimes get
> persistent session data as well (it warns against fastmmap because in the
> "persistent session" use case fastmmap is lossy - in yours the lossyness
> is irrelevant, you don't care about the persistence feature)
>
> --
> Matt S Trout Need help with your Catalyst or DBIx::Class project?
> Technical Director http://www.shadowcat.co.uk/catalyst/
> Shadowcat Systems Ltd. Want a managed development or deployment platform?
> http://chainsawblues.vox.com/ http://www.shadowcat.co.uk/servers/
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
--
There's an infinite supply of time, we just don't have it all yet.
More information about the Catalyst
mailing list